Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/keithmccammon/cybersecurity-models

A collection of models for organizing, prioritizing, and understanding cybersecurity and information risk management concepts.
https://github.com/keithmccammon/cybersecurity-models

List: cybersecurity-models

awesome-list cybersecurity maturity-models risk-management

Last synced: 2 months ago
JSON representation

A collection of models for organizing, prioritizing, and understanding cybersecurity and information risk management concepts.

Host: GitHub
URL: https://github.com/keithmccammon/cybersecurity-models
Owner: keithmccammon
Created: 2024-08-06T17:26:05.000Z (5 months ago)
Default Branch: main
Last Pushed: 2024-10-03T01:13:44.000Z (3 months ago)
Last Synced: 2024-10-06T20:01:11.675Z (3 months ago)
Topics: awesome-list, cybersecurity, maturity-models, risk-management
Homepage: https://kwm.me/posts/cybersecurity-models/
Size: 17.6 KB
Stars: 11
Watchers: 3
Forks: 2
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

ultimate-awesome - cybersecurity-models - A collection of models for organizing, prioritizing, and understanding cybersecurity and information risk management concepts. (Other Lists / Monkey C Lists)

README

        # Cybersecurity models

A collection of models for organizing, prioritizing, and understanding cybersecurity and information risk management concepts.

## Functional models

[Cybersecurity Framework (CSF)](https://www.nist.gov/cyberframework) by the National Institute of Standards and Technology (NIST), U.S. Department of Commerce

[Cyber Defense Matrix](https://cyberdefensematrix.com/) by Sounil Yu

## Intrusion and/or adversary analysis models

[ATLAS](https://atlas.mitre.org/) by the MITRE Corporation

[ATT&CK](https://attack.mitre.org/) by the MITRE Corporation

[Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html) by Lockheed Martin

[D3FEND](https://d3fend.mitre.org/) by the MITRE Corporation 

[Diamond Model](https://apps.dtic.mil/sti/pdfs/ADA586960.pdf) by the United States Department of Defense (DoD)

[GenAI Attacks Matrix](https://ttps.ai/)

[SaaS Attacks](https://github.com/pushsecurity/saas-attacks) by Push Security

 

## Maturity models

[Consumer Authentication Strength Maturity Model (CASMM)](https://danielmiessler.com/p/casmm-consumer-authentication-security-maturity-model) by Daniel Meissler 

[CSIRT Maturity Framework](https://www.enisa.europa.eu/topics/incident-response/csirt-capabilities/csirt-maturity) by the European Union Agency for Cybersecurity (ENISA)

[Cyber Threat Intelligence Capability Maturity Model (CTI-CMM)](https://cti-cmm.org/) by the CTI-CMM team / working group

[Cybersecurity Capability Maturity Model (C2M2)](https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2) by the United States Department of Energy (DoE)

[Cybersecurity Maturity Matrix](https://cybermaturitymatrix.com/) by Keith McCammon

[Cybersecurity Maturity Model Certification](https://dodcio.defense.gov/CMMC/), by the United States Department of Defense (DoD)

[Detection Engineering Maturity Model](https://detectionengineering.io/) by Kyle Bailey

[Essential Eight Maturity Model](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model) by the Australian Signals Directorate (ASD)

[Red Team Maturity Model (RTCMM)](https://www.redteammaturity.com/) by Brent Harrell and Garet Stroup

[Security Incident Management Maturity Model](https://opencsirt.org/csirt-maturity/sim3-and-references/), by the Open CSIRT Foundation

[Zero Trust Maturity Model](https://www.cisa.gov/zero-trust-maturity-model) by the Cybersecurity & Infrastructure Security Agency (CISA)

## Shared responsibility models

[Artificial intelligence (AI) shared responsibility model](https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility-ai) by Microsoft

[AI Security Shared Responsibility Model](https://www.returnonsecurity.com/p/ai-security-shared-responsibility-model-navigating-risks-ai-deployment) by Mike Privette

[Shared responsibilities and shared fate on Google Cloud](https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate) by Google

[Shared responsibility in the cloud](https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility) by Microsoft

[Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/) by Amazon Web Services

## Threat, risk, resilience and other management models

[AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework) by the National Institute of Standards and Technology (NIST), U.S. Department of Commerce

[AI Risk Repository](https://airisk.mit.edu/) by MIT

[CERT Resilience Management Model](https://insights.sei.cmu.edu/library/cert-resilience-management-model-cert-rmm-version-12/) by Carnegie Mellon University

[FAIR Risk Management](https://www.fairinstitute.org/fair-risk-management) by the FAIR Institute

[OCTAVE](https://insights.sei.cmu.edu/library/operationally-critical-threat-asset-and-vulnerability-evaluation-octave-framework-version-10/) by Carnegie Mellon University

[Risk Management Framework](https://csrc.nist.gov/projects/risk-management/about-rmf) by the National Institute of Standards and Technology (NIST), U.S. Department of Commerce

[Threat Assessment and Remediation Analysis (TARA)](https://www.mitre.org/news-insights/publication/threat-assessment-and-remediation-analysis-tara) by the MITRE Corporation