How Do You Assess Your Organization's Cyber Threat Level?

Abstract

In the Cyber Prep methodology, an organization determines its target level of preparedness against cyber threats, including the advanced persistent threat, based on its assessment of the level of the adversary it faces. That is, an organization calibrates its cyber security measures, as well as its cyber security governance, to its cyber threat. Cyber Prep characterizes the cyber threat in terms of an adversarys level of capability, intent, and targeting. However, many adversaries demonstrate a mixture of levels. Organizations can differ in how they account for such adversaries. Those differences reflect an organizations attitude toward the advanced cyber threat. A set of anchoring examples illustrates how different attitudes can result in different assessments of adversary level.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2011
Accession Number
AD1137499

Entities

People

  • Deb Bodeau
  • Jenn Fabius-greene
  • Rich Graubart

Organizations

  • MITRE Corporation

Tags

DTIC Thesaurus Topics

  • Advanced Persistent Threat
  • Commerce
  • Computers
  • Corporations
  • Criminals
  • Cyber Threats
  • Cyberspace
  • Cyberspace Operations
  • Department Of Homeland Security
  • Governments
  • Information Security
  • Personnel Management
  • Risk
  • Risk Analysis
  • Risk Factors
  • Security
  • Terrorists

Fields of Study

  • Computer science

Readers

  • Civilian Systems Systems Program Capability Development and Upgrade Support Activity Expense and Pay Management.
  • Organizational Process Management (OPM).
  • Systems Analysis and Design

Technology Areas

  • Cyber