MITRE Engenuity’s Center for Threat-Informed Defense (CTID) releases new methodology

Off Industry News,

Today, MITRE Engenuity’s Center for Threat-Informed Defense (CTID) released a new methodology to use the adversary behaviors described in MITRE ATT&CK® to characterize the impact of vulnerabilities from CVE®.

This methodology aims to establish a critical connection between vulnerability management, threat modeling, and compensating controls. CVEs linked to ATT&CK techniques can empower defenders to better assess the true risk posed by specific vulnerabilities in their environment. MITRE has applied the methodology and mapped several hundred CVEs to ATT&CK to validate the model and demonstrate its value.

Learn more here.

About The Author

Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.

Privacy Policy