The MITRE ATT&CK framework is one of today’s most significant and publicly available cybersecurity knowledge bases. Organizations, cybersecurity analysts and practitioners should use MITRE ATT&CK because it fosters greater awareness of the security posture by identifying gaps in defenses. More importantly, ATT&CK lists methods to mitigate or interrupt attacker attempts to perform a specific technique. Moreover, the framework is designed to be used at all levels of the organization, from analysts to leaders. This article highlights the framework’s tactics with examples of how to share information within your organization.
Incident response addresses the question: “How well did you prepare?” Your response to that question is directly related to your preparation. This supports the adage that an ounce of prevention is worth a pound of cure—or response. This article takes a look at five basic lessons to consider when mitigating incidents to help you prepare and prevent a potential cyber incident.
Since 2004, members of the National Cybersecurity Preparedness Consortium (NCPC) have been working with the Department of Homeland Security (DHS) to provide research-based cybersecurity training, exercises and technical assistance to local jurisdictions, counties, states and the private sector. These resources are available at no cost to participants!
When it comes to cybersecurity, it is common to hear statements that you can’t protect against all attacks and be absolutely secure. Because of this, the goal of organizations should not be to try to make their computer systems and networks absolutely secure; rather, they should concentrate on managing the risk to the organization. One necessary factor in risk management is an understanding of your IT environment, including what systems and software you utilize.
Your policies should be living documents that evolve as your organization grows and changes. If it has been a while since your security policies have been reviewed, you may find that they are outdated, no longer comply with new laws and regulations, or do not address the systems and technology you are using today. At a minimum, review security policies on an annual basis and take into consideration other indicators that your policies need to be reviewed.