OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Threat Actor Sophistication Levels

Basically +1 for not reinventing the wheel

On Sunday, 7 August 2016, Mark Clancy <mclancy@soltra.com> wrote:

This has the best approach it this IMHO http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf



Sent from my Windows 10 phone


From: Jordan, Bret
Sent: Saturday, August 6, 2016 9:28 PM
To: cti@lists.oasis-open.org
Subject: [cti] Threat Actor Sophistication Levels


I have been drilling in to the Threat Actor vocabularies today and would like to propose some changes to the Sophistication Levels.  We currently have the following levels:

  1. none
  2. novice
  3. practitioner
  4. expert
  5. innovator


I am wondering about changing that list to be something more like the following.... I have added some details (to be fleshed out) to give you some context of what I am thinking.  The initial list of 5 I feel is way to short. I would be very interested in your comments and feedback.  

  1. basic (average joe/jane)
  2. novice (script kiddie)
  3. hobbyist (your average IT geek)
  4. operator
    1. Focuses on specific tasks within a campaign
    2. Can operate systems for an attack
    3. Can run tool kits designed by others
    4. Is a contributor to a larger organization
  1. technician
    1. Focuses on specific mission objectives and goals
    2. Can troubleshoot and fix systems used in an attack
    3. Can execute attack plans and campaigns
  1. professional
    1. Focuses on broad tactical and mission goals
    2. Can identify targets and build attack plans
    3. Can use and taylor advanced toolkits
  1. architect
    1. Focuses on broad organizational goals
    2. Can design the attack infrastructure 
  1. specialist
    1. Has very specialized skills but is not planning on running the show
    2. Reverse Engineers
    3. 1-day Malware Author
    4. Botnet infrastructure architect
  1. expert
    1. Focuses on strategic goals
    2. Able to plan very elaborate and advanced attacks
    3. Is a specialist in more than one area
    4. 0-day Malware Author
  1. innovator
    1. Thinks and plans for the future
    2. Designs new malware toolkits
    3. Innovates and move the attacker community forward
    4. Is an expert in more than one area









Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]