Information Security

All Quiet on the Threat Front? Building a Cyber Threat Assessment

Wednesday, March 27, 2024, 10:30 AM - 11:20 AM

Imagine you’re a superhero. You protect the people who rely on, work within and surround your organization from the ever-changing and ever-growing cyber threats across the globe. You need the right tools and the right strategies to fight against these digital threat actors. The first gadget in your toolbelt is a clear understanding of the threat landscape, which lets you build a comprehensive threat assessment program. For this program to succeed, you need four main components: your asset landscape, your threat landscape, your processes/controls and your partners. While connecting these seemingly disjointed pieces sounds daunting, the industry offers several publications, mapped mostly by the Center for Threat-Informed Defense, that act as a handy-dandy sidekick when brought together: MITRE ATT&CK®, Vocabulary for Event Recording and Incident Sharing (VERIS), NIST 800-30 Guide for Conducting Risk Assessments, and NIST 800-53 Security and Privacy Controls for Information Systems and Organizations.