当前位置:首页 > 报告详情

利用 STRAT 构建网络威胁韧性:一种新的 CTI 方法.pdf

上传人: 可*** 编号:991916 2025-12-07 43页 11.81MB

1、Building Cyber Threat Resilience with STRATA new Methodology for Cyber Threat IntelligenceWho We AreChandler McClellanScott J RobertsWhere Were FromWhere Were FromThe ProblemCyber Threat Intelligence is useful for 3 things:Situational Awareness Detection Engineering MarketingBuilding Resilience Shou

2、ld be NextSetting the StageA BRIEF INTRODUCTION TO SYSTEMS THINKINGA BRIEFER INTRODUCTION TO RESILIENCEAPPLYING STRAT TO CYBER RESILIENCESystems Thinking for Cyber DefenseWhat is Systems ThinkingA structured approach for thinking about complex interactionsMapping attacker approaches to defensive app

3、roachesWhy Think in SystemsANTICIPATING 2ND&3RD ORDER EFFECTSINTEGRATES RISK MODELING,SYSTEM DESIGN,AND THREAT INTELLIGENCE TO IMPROVE RESILIENCELAST OF ALLSystems Thinking Concepts:Stock&FlowSystems Thinking Concepts:Causal Loop DiagramIntroduction to ResilienceResilienceA systems ability to recove

4、r or adapt to disturbancesResistanceThe ability of the system to prevent the threat from impacting the systemRetentionThe ability of the system to maintain its core function after being impacted by the threatRecoveryThe ability of the system to recover some baseline level of core function after impa

5、ct from a threatResurgenceThe systems ability to improve a9er a threatHow do we build resilience?Redundancy Diversity Centralization or Decentralization Adaptability Imaging Alignment Stakeholder engagement Self-organization CommunicationThe STRAT MethodologyUsing Systems Thinking to turn Intelligen

6、ce into ResilienceWhat is STRAT?The System-Centric Threat and Resilience Assessment Tool(STRAT)is a methodology for practitioners across various fields to identify and build resilience in systems including both human and material components Developed by Dr Jeffery Taylor at Utah State University for

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: - **STRAT方法论**:STRAT(System-Centric Threat and Resilience Assessment Tool)是一种系统中心威胁和韧性评估工具,由Utah State University的Jeffery Taylor博士开发,用于识别和构建系统韧性,包括人类和物质组件。 - **STRAT步骤**: 1. 选择研究系统。 2. 在风险-概率矩阵上散点图潜在威胁。 3. 选择一组威胁进行研究。 4. 绘制系统属性。 5. 识别系统的韧性组件。 6. 评估系统对识别的威胁的当前韧性。 7. 提供提高韧性的建议。 - **韧性组件**:包括抵抗、保留、恢复和复苏。 - **案例研究**:以CVE-2024-5806为例,展示了如何应用STRAT框架。 - **关键点**: - 防御不仅仅是IOC和TTP列表。 - 防御不仅仅是意识、检测和营销。 - 有意义的建议意味着关注韧性,包括抵抗、保留、恢复和复苏。 - 结构化分析技术使人们能够发现新兴现象和意外的韧性增强。
"如何提升网络安全韧性?" - STRAT方法论能带来哪些具体改进? "MOVEit安全漏洞怎么防?" - STRAT框架如何应用于实际案例? "系统思维在防御中扮演什么角色?" - 了解STRAT中的系统思考概念,我们能学到什么?
客服
商务合作
小程序
服务号
折叠