OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Threat Actor Sophistication Levels

I have been drilling in to the Threat Actor vocabularies today and would like to propose some changes to the Sophistication Levels.  We currently have the following levels:
  1. none
  2. novice
  3. practitioner
  4. expert
  5. innovator

I am wondering about changing that list to be something more like the following.... I have added some details (to be fleshed out) to give you some context of what I am thinking.  The initial list of 5 I feel is way to short. I would be very interested in your comments and feedback.  
  1. basic (average joe/jane)
  2. novice (script kiddie)
  3. hobbyist (your average IT geek)
  4. operator
    1. Focuses on specific tasks within a campaign
    2. Can operate systems for an attack
    3. Can run tool kits designed by others
    4. Is a contributor to a larger organization
  5. technician
    1. Focuses on specific mission objectives and goals
    2. Can troubleshoot and fix systems used in an attack
    3. Can execute attack plans and campaigns
  6. professional
    1. Focuses on broad tactical and mission goals
    2. Can identify targets and build attack plans
    3. Can use and taylor advanced toolkits
  7. architect
    1. Focuses on broad organizational goals
    2. Can design the attack infrastructure 
  8. specialist
    1. Has very specialized skills but is not planning on running the show
    2. Reverse Engineers
    3. 1-day Malware Author
    4. Botnet infrastructure architect
  9. expert
    1. Focuses on strategic goals
    2. Able to plan very elaborate and advanced attacks
    3. Is a specialist in more than one area
    4. 0-day Malware Author
  10. innovator
    1. Thinks and plans for the future
    2. Designs new malware toolkits
    3. Innovates and move the attacker community forward
    4. Is an expert in more than one area


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]