CIS Community Defense Model
- From the Verizon DBIR and other sources, we identified the five most important attack types we want to defend against: Web-Application Hacking, Insider and Privilege Misuse, Malware, Ransomware, and Targeted Intrusions.
- For each type of attack, we determined an attack pattern: the set of ATT&CK Model Techniques required to execute the Tactics used in that attack.
- We identified the specific security value of Safeguards in the CIS Controls against the Techniques found in each attack. We did this by going through the class of Mitigations associated with each Technique.
- We then stood back to examine the security value (in terms of mitigating attacks) of implementing the Sub-Controls comprising the CIS Controls.
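
The four steps above amount to a join from attack pattern to Technique to Mitigation to Safeguard. The sketch below is an added example, not CIS code or data: every identifier (T-A, M-1, SG-1 and so on) and every mapping is a constructed placeholder, and the function names are hypothetical.

```python
# All identifiers and mappings are constructed placeholders, not real ATT&CK or CIS IDs.
ATTACK_PATTERNS = {  # attack type -> Techniques in its attack pattern
    "Web-Application Hacking": {"T-A", "T-B", "T-C"},
    "Ransomware": {"T-B", "T-D", "T-E"},
}
TECHNIQUE_MITIGATIONS = {  # Technique -> associated Mitigations
    "T-A": {"M-1", "M-2"},
    "T-B": {"M-2"},
    "T-C": {"M-3"},
    "T-D": {"M-4"},
    "T-E": set(),  # a Technique with no Mitigation: no Safeguard can cover it
}
MITIGATION_SAFEGUARDS = {  # Mitigation -> Safeguards that implement it
    "M-1": {"SG-1"},
    "M-2": {"SG-1", "SG-2"},
    "M-3": {"SG-3"},
    "M-4": {"SG-2"},
}

def safeguards_for(technique):
    """Safeguards that defend against a Technique, reached through its Mitigations."""
    found = set()
    for mitigation in TECHNIQUE_MITIGATIONS.get(technique, ()):
        found |= MITIGATION_SAFEGUARDS.get(mitigation, set())
    return found

def safeguard_value(patterns):
    """Per Safeguard: how many Techniques of each attack type it defends against."""
    value = {}
    for attack, pattern in patterns.items():
        for technique in pattern:
            for sg in safeguards_for(technique):
                per_attack = value.setdefault(sg, {})
                per_attack[attack] = per_attack.get(attack, 0) + 1
    return value

def coverage(pattern, implemented):
    """Split a pattern into (defended, undefended) Techniques for a set of implemented Safeguards."""
    defended = {t for t in pattern if safeguards_for(t) & implemented}
    return defended, set(pattern) - defended

if __name__ == "__main__":
    for sg, per_attack in sorted(safeguard_value(ATTACK_PATTERNS).items()):
        print(sg, per_attack)
    for attack, pattern in ATTACK_PATTERNS.items():
        defended, gaps = coverage(pattern, {"SG-1", "SG-2"})
        print(f"{attack}: {len(defended)}/{len(pattern)} defended, gaps={sorted(gaps)}")
```

The undefended set is the useful output: it separates Techniques left open by Safeguards not yet implemented (T-C here) from Techniques that have no Mitigation to map at all (T-E).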