The Trouble with TCAPS: Using MITRE ATT&CK™, Threat Intelligence, and FAIR for Better Risk Analysis

Date: October 13, 2021

In any risk equation or framework, one of the most formidable variables in gaining a proper understanding of risks to an organization is the determination of threats and threat capabilities. Practitioners of the quantitative risk framework Factor Analysis of Information Risk (FAIR) will already be familiar with the Threat Capability (TCAP) variable and its challenges.

Don’t Underestimate the Value of Threat Data

Organizations typically underestimate the significance of data if it is difficult to obtain. An accurate understanding of threats can enhance an organization’s ability to both assess risk and prevent future attacks or critical incidents. Simply stating that a threat actor’s capabilities are ‘Insider’ or ‘Hacker’ is not valuable.

Are Traditional Risk Assessments Outdated?

Advances in research (such as the MITRE ATT&CK framework) and resources (such as those from adversarial simulation teams) provide insight into many of today’s known, active threat actor groups and the techniques they use. Without incorporating these valuable contributions, traditional risk assessments are becoming less useful. Clearly, there is a need to use threat and attack intelligence to meet ever more complex organizational security challenges.

More Accurate Risk Calculations = Better Decisions

Join Office of the CSO Practice Lead Rockie Brockway as he discusses using crucial threat actor motivation and attack complexity variables to better define the relevant threats to your business, which will improve your quantitative risk-based decisions.