How Do You Assess Your Organization's Cyber Threat Level?

Abstract

In the Cyber Prep methodology, an organization determines its target level of preparedness against cyber threats, including the advanced persistent threat, based on its assessment of the level of the adversary it faces. That is, an organization calibrates its cyber security measures, as well as its cyber security governance, to its cyber threat. Cyber Prep characterizes the cyber threat in terms of an adversary's level of capability, intent, and targeting. However, many adversaries demonstrate a mixture of levels. Organizations can differ in how they account for such adversaries. Those differences reflect an organizations attitude toward the advanced cyber threat. A set of anchoring examples illustrates how different attitudes can result in different assessments of adversary level.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Aug 01, 2010
Accession Number
AD1108587

Entities

People

  • Deb Bodeau
  • Jenn Fabius-greene
  • Rich Graubart

Organizations

  • MITRE Corporation

Tags

DTIC Thesaurus Topics

  • Advanced Persistent Threat
  • Commerce
  • Computers
  • Corporations
  • Criminals
  • Cyber Threats
  • Cybersecurity
  • Cyberspace
  • Cyberspace Operations
  • Department Of Defense
  • Department Of Homeland Security
  • Employment
  • Governments
  • Information Security
  • Information Warfare
  • Military Operations
  • Personnel Management
  • Risk
  • Risk Analysis
  • Risk Factors
  • Risk Management
  • Security
  • Terrorists
  • Threats

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Organizational Psychology.
  • Systems Analysis and Design

Technology Areas

  • Cyber