Subject: Re: [cti] Threat Actor Sophistication Levels
This has the best approach to this IMHO: http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf
Sent from my Windows 10 phone
From: Jordan, Bret
Sent: Saturday, August 6, 2016 9:28 PM
To: cti@lists.oasis-open.org
Subject: [cti] Threat Actor Sophistication Levels
I have been drilling into the Threat Actor vocabularies today and would like to propose some changes to the Sophistication Levels. We currently have the following levels:
- none
- novice
- practitioner
- expert
- innovator
I am wondering about changing that list to be something more like the following.... I have added some details (to be fleshed out) to give you some context of what I am thinking. The initial list of 5 I feel is way too short. I would be very interested in your comments and feedback.
- basic (average joe/jane)
- novice (script kiddie)
- hobbyist (your average IT geek)
- operator
  - Focuses on specific tasks within a campaign
  - Can operate systems for an attack
  - Can run tool kits designed by others
  - Is a contributor to a larger organization
- technician
  - Focuses on specific mission objectives and goals
  - Can troubleshoot and fix systems used in an attack
  - Can execute attack plans and campaigns
- professional
  - Focuses on broad tactical and mission goals
  - Can identify targets and build attack plans
  - Can use and tailor advanced toolkits
- architect
  - Focuses on broad organizational goals
  - Can design the attack infrastructure
- specialist
  - Has very specialized skills but is not planning on running the show
  - Reverse Engineers
  - 1-day Malware Author
  - Botnet infrastructure architect
- expert
  - Focuses on strategic goals
  - Able to plan very elaborate and advanced attacks
  - Is a specialist in more than one area
  - 0-day Malware Author
- innovator
  - Thinks and plans for the future
  - Designs new malware toolkits
  - Innovates and moves the attacker community forward
  - Is an expert in more than one area
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."