In the News
Security Bulletin: Cybersecurity Executive Order
- Adopt threat modeling, control validation, and ATT&CK. Technology providers should anticipate being targeted by threat actors—either for financial gain or as a stepping stone into customer environments—and apply and validate security controls based on anticipated adversary behavior. By understanding the anatomy of recent supply chain attacks and associated tactics, techniques, and procedures (TTPs), defenders can ensure risk-based countermeasures are in place and effective to safeguard software code and other crown jewels. The MITRE Corporation’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework can help through its library of mappings between TTPs and defensive countermeasure coverage.