RFI: MITRE Analysis and Assessment Vocabulary

[Patrick Maroney <Pmaroney@Specere.org>]

Although relative to the active discussions, I wanted to pull this RFI out of the increasingly bifurcated related threads:

(1)  MITRE published the following paper in 2013 that some of may find of value:

Characterizing Effects on the Cyber Adversary

A Vocabulary for Analysis and Assessment

Deborah Bodeau 

Richard Graubart 

November 2013

http://www.mitre.org/sites/default/files/publications/characterizing-effects-cyber-adversary-13-4173.pdf

Abstract

This paper presents a vocabulary for stating claims or hypotheses about the effects of cyber mission assurance decisions on cyber adversary behavior. Cyber mission assurance decisions include choices of cyber defender actions, architectural decisions, and selections and uses of technologies to improve cyber security, resiliency, and defensibility (i.e., the ability to address ongoing adversary activities). The vocabulary enables claims and hypotheses to be stated clearly, comparably across different assumed or real-world environments, and in a way that suggests evidence that might be sought but is independent of how the claims or hypotheses might be evaluated. The vocabulary can be used with multiple modeling and analysis techniques, including Red Team analysis, game-theoretic modeling, attack tree and attack graph modeling, and analysis based on the cyber attack lifecycle (also referred to as cyber kill chain analysis or cyber campaign analysis).

(2)  I've reached out to a couple of MITRE contacts but have been unable to find any additional related papers, reference implementations, and/or schematic representations of the Analysis and Assessment Vocabulary.  I'd welcome a direct reach back if anyone has anything related to this work.

Patrick Maroney

President

Integrated Networking Technologies, Inc.

Office:  (856)983-0001

Cell:      (609)841-5104