IT Security - Chathura Ariyadasa (He/Him/His)

Cybersecurity frameworks are the key starting point for any organization that wants to meet regulatory compliance and demonstrate security readiness to leadership. Still, compliance is hard, and every organization struggles to prove it. Today, we will be looking at how ATT&CK frameowrk helps to achieve this goal.

In ATT&CK framework, there are 2 some what related terms called TACTICS & TECHNIQUES. Tactics represent the “why” of an ATT&CK technique or sub-technique. It is the adversary’s tactical goal: the reason for performing an action, where as Techniques represent “how” an adversary achieves a tactical goal by performing an action.

With ATT&CK framework, we can do many things. but today we will be looking at defensive control mapping. Defensive controls can carry well-understood meaning when referenced against the ATT&CK tactics and techniques they apply to. ATT&CK offers really cool applications, such as ATT&CK Navigator. This provides the ability for users to define layers – custom views of an ATT&CK matrix – for example, showing just the techniques for a particular platform, highlighting techniques a specific adversary has been known to use, creating heat maps for heavily used techniques, or visualizing defensive coverage. Layers can be created interactively within the Navigator or generated programmatically and then visualized via the Navigator.

The below video gives a brief walktrough on ATT&CK Navigator

Once you get familar with the above solution, you may start with predefined NIST control templates (which is on Github). Continue reading “Mapping NIST 800-53 controls to ATT&CK”

If you are working in the IT/Cybersecurity industry, you may come across these terms. Most probably, IAT and IAM. If you are thinking of working for a federal organization, this basic understanding is mandatory.

All those qualification frameworks are being established by the US DoD (Department of Defense).

IAM – IAM stands for Information Assurance Management. This qualification is more focused on Management.
IAT – IAT stands for Information Assurance Technical. Meaning this is more focused on Technical.
IASAE – IASAE stands for Information Assurance System Architects and Engineers. This means this is more focused on IS Architecting.

All those Frameworks have different Levels, starting from Level 1 through Level 3. Level 1 is considered entry-level certifications, level 2 are intermediate, and level 3 is expert level.

Updated DoD Approved 8570 Baseline Certifications

[source: https://public.cyber.mil/cw/cwmp]

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Tag: IT Security

Mapping NIST 800-53 controls to ATT&CK

IAM vs IAT vs IASAE – Cyber Security Qualification Comparison