PrivacyEngCollabSpace
attack-control-framework-mappings
| PrivacyEngCollabSpace | attack-control-framework-mappings | |
|---|---|---|
| 1 | 3 | |
| 223 | 465 | |
| 3.6% | - | |
| 7.3 | 4.6 | |
| 13 days ago | about 2 months ago | |
| Python | Python | |
| - | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PrivacyEngCollabSpace
-
What format / templates do you (CISOs/ISOs) use for your risk assessments of the org?
I would look into some NIST-provided tools like this one: https://github.com/usnistgov/PrivacyEngCollabSpace/tree/master/tools/risk-assessment/NIST-Privacy-Risk-Assessment-Methodology-PRAM. Haven't used it myself but it looks like it might fit your use-case.
attack-control-framework-mappings
-
Is there a Mitre Att&ck mapping to NIST Threat Events?
Here's a mapping to 800-53: https://ctid.mitre-engenuity.org/our-work/nist-800-53-control-mappings/
- NIST 800-53 Control Mappings to MITRE ATT&CK. Pretty handy, if you like that sort of thingā¦
-
What are the most important metrics for measuring cloud and endpoint security?
BlindSPOT: https://blindspotsec.com/ Specific graphic from BlindSPOT: https://blindspotsec.com/wp-content/uploads/2021/04/Failure_Before.jpg How to Measure Anything in Cybersecurity Risk: https://www.amazon.com/dp/B01J4XYM16/ Monte Carlo simulation approach: https://embracethered.com/blog/posts/2020/red-teaming-and-monte-carlo-simulations/ D3FEND: https://d3fend.mitre.org/ ATT&CK mappings: https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings ATT&CK evals: https://attackevals.mitre-engenuity.org/index.html CALDERA: https://github.com/mitre/caldera Offensive Countermeasures: https://www.amazon.com/dp/1974671690/ SPIFFE: https://spiffe.io/ SPIRE: https://github.com/spiffe/spire Zerotier: https://www.zerotier.com/ Zerotier libzt: https://github.com/zerotier/libzt
What are some alternatives?
presidio - Context aware, pluggable and customizable data protection and de-identification SDK for text and images
caldera - Automated Adversary Emulation Platform
differential-privacy-library - Diffprivlib: The IBM Differential Privacy Library
ZeroTier - A Smart Ethernet Switch for Earth
PyDP - The Python Differential Privacy Library. Built on top of: https://github.com/google/differential-privacy
tram - TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CKĀ®.
gretel-synthetics - Synthetic data generators for structured and unstructured text, featuring differentially private learning.
caldera_pathfinder - Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.
tern - Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
adversary_emulation_library - An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
libzt - Encrypted P2P sockets over ZeroTier
attack-stix-data - STIX data representing MITRE ATT&CK