Bruno Blumenthal
Most Security Operations Centers work with use cases to manage their detection and response capabilities. When it comes to use-case development, many organizations turn to the MITRE ATT&CK framework as a starting point, even though ATT&CK is not a use-case framework: it was originally developed as a taxonomy for threat intelligence. It nevertheless contains valuable information we can use to identify and prioritize potential detection use cases. Identifying the use cases is an important first step, but how do we ensure that they are implemented in a timely fashion? We need to prioritize them, and to adapt that prioritization to changes in the threat landscape and the business environment. This is where the methods and principles of agile software development can help us. In this talk I will show you how to combine a data-based method for prioritizing ATT&CK techniques with ideas from agile software development for their implementation. With this approach you can ensure an efficient use of your resources and focus on the right use cases at the right time. The agile methods allow you to constantly grow and evolve your detection capabilities.
I have been working in information and cyber security for more than 20 years. I support our customers in developing and optimizing their security governance and organization. When building future-proof security architectures, my focus is on the optimal interplay between technology and people. In addition, I am active as chief expert for the examination for Information Security Manager with Swiss federal diploma, contributing to continuing education in the field of cybersecurity.