Beruflich Dokumente
Kultur Dokumente
This is a work of the U.S. Government and is not subject to copyright protection in the United States.
UNCLASSIFED
• Apartment • Flat
• French Fries • Chips
• Elevator • Lif
• Gasoline • Petrol
• Soccer • Football
• Cookie • Biscuit
1) Foundation
4) Analysis
Intent Reconnaissance Development Staging Delivery Configure Maneuver Exploitation C2 Effect NSA 10 Step
Lockheed Martin
Reconnaissance Weaponization Delivery Exploitation Installation C2 Actions on Objective
Kill Chain ®
Malware Hacking Social Environmental threat Physical threat Misuse Error VERIS Categories of Threat Actions
Foot printing Scanning Enumeration Gain access Privilege Situational Covering Creating
JCAC Exploitation
(exploitation) escalation awareness tracks Backdoors
Effect/Consequence
Analysis
• Depending on the information selected and its presentation,
one can begin to conduct a variety of analysis:
– Trends – change over time
• What caused the change
– Predictive – what’s next
– Environmental
• Was the threat different than expected
• What vulnerabilities were missed
• How to optimize remedial action
– Vulnerability – risk analysis
– Defensive posture
Threat
Preparation Engagement Presence Effect/Consequence
Actor
Threat Actor A
Threat Actor B
Threat Actor C
Threat Actor D
Threat Actor E
Threat Actor F
Threat Actor G
Threat Actor H
0 1 2 3 4 5 6 7 8 90 2 4 6 8 10 0 2 4 6 8 10 0 1 2 3 4 5 6
Preparation Engagement Presence Effect/Consequence
Plan activity
Preparation
Develop capability
Interact with intended victim
Exploit vulnerabilities
Deliver malicious capability
Hide
Expand presence
Refine focus of activity
Establish persistence
Effect/Consequence
Deny Access
Extract data
Alter/manipulate computer, network
or system behavior
Destroy HW/SW/data
Summary
• The Cyber Threat Framework supports the characterization
and categorization of cyber threat information through the
use of standardized language.
• The Cyber Threat Framework categorizes the activity in
increasing “layers” of detail (1- 4) as available in the
intelligence reporting.
• The Cyber Threat Framework can be used to support analysis
Questions?