https://github.com/center-for-threat-informed-defense/threat-modeling-with-attack

Threat Modeling with ATT&CK defines how to integreate MITRE ATT&CK® into your organization’s existing threat modeling methodology.
https://github.com/center-for-threat-informed-defense/threat-modeling-with-attack

attack-trees ctid cyber-threat-intelligence cybersecurity mitre-attack threat-informed-defense threat-modeling

Last synced: 8 months ago
JSON representation

Threat Modeling with ATT&CK defines how to integreate MITRE ATT&CK® into your organization’s existing threat modeling methodology.

• Host: GitHub
• URL: https://github.com/center-for-threat-informed-defense/threat-modeling-with-attack
• Owner: center-for-threat-informed-defense
• License: apache-2.0
• Created: 2024-01-09T20:29:42.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-10-02T13:49:08.000Z (about 1 year ago)
• Last Synced: 2024-12-28T11:15:43.131Z (10 months ago)
• Topics: attack-trees, ctid, cyber-threat-intelligence, cybersecurity, mitre-attack, threat-informed-defense, threat-modeling
• Language: Makefile
• Homepage: https://ctid.io/threat-modeling
• Size: 23.1 MB
• Stars: 5
• Watchers: 49
• Forks: 3
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE.txt

Awesome Lists containing this project

README

          
# Threat Modeling with ATT&CK

Threat Modeling with ATT&CK defines how to integrate MITRE ATT&CK® into your

organization’s existing threat modeling methodology. This process is intended for

universal application to any system or technology stack (large or small) using any

existing threat modeling methodology like STRIDE, PASTA, or Attack Trees. To demonstrate

its use and applicability to a wide audience of cybersecurity practitioners, we apply

this process to a fictional internet-of-things (IOT) system called the Ankle Monitoring

Predictor of Stroke (AMPS).

**Table Of Contents:**

- [Getting Started](#getting-started)

- [Getting Involved](#getting-involved)

- [Questions and Feedback](#questions-and-feedback)

- [Notice](#notice)

## Getting Started

Go to the project website to learn all about the Threat Modeling with ATT&CK process,

including detailed steps for applying the process and comprehensive examples based.

| Resource                                                                                             | Description                                                              |

| ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------ |

| [Project Website](https://center-for-threat-informed-defense.github.io/threat-modeling-with-attack/) | The project website describes the comprehensive threat modeling process. |

## Getting Involved

There are several ways that you can get involved with this project and help

advance threat-informed defense:

- **Read the Threat Modeling process.** Read the detailed process defined by this

  project and learn how to apply it by following through the realistic examples.

- **Apply Threat Modeling to your own projects.** Put the project into action by using

  it to conduct your next threat modeling exercise.

- **Spread the word.** Provide feedback to us regarding the usefulness of the project

  and share the word with your peers and colleagues in the industry.

## Questions and Feedback

Please submit [issues on

GitHub](https://github.com/center-for-threat-informed-defense/threat-modeling-with-attack/issues)

for any technical questions or requests. You may also contact

[ctid@mitre-engenuity.org](mailto:ctid@mitre-engenuity.org?subject=Question%20about%20threat-modeling-with-attack)

directly for more general inquiries about the Center for Threat-Informed Defense.

We welcome your contributions to help advance Threat Modeling with ATT&CK in the form of

[pull

requests](https://github.com/center-for-threat-informed-defense/threat-modeling-with-attack/pulls).

Please review the [contributor

notice](https://github.com/center-for-threat-informed-defense/threat-modeling-with-attack/blob/main/CONTRIBUTING.md)

before making a pull request.

## Notice

© 2024 MITRE Engenuity. Approved for public release. Document number(s) CT0122.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this

file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under

the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied. See the License for the specific language governing

permissions and limitations under the License.