Jeff Man - Online Business Systems
"Why Attack When You Can Defend"
Oct 21, 2020
MITRE ATT&CK® seems to be the“next big thing”. Every time I hear about it I can’t help but wonder, “how doyou prevent all these attacks in the first place? Shouldn’t that be the endgame?” To that end, I set out to map all the recommended “Mitigations” for allthe “Techniques” detailed in ATT&CK to see how many are already addressedby what is required in the Payment Card Industry Data Security Standard (PCIDSS). My hypothesis was all of them. The results were interesting and a littlesurprising, and I’m still trying to figure out how to best use the results andsubsequently ATT&CK itself. I will present my findings in the briefing andhopefully generate a discussion about what to do with the results.