Quantifying Threat Actors with Threat Box

Why Not an Existing Threat Model

Threat Box Categories and Scoring

  • Espionage — attacks impacting the Confidentiality of data or systems
  • Destructive — attacks impacting the Integrity of data or systems
  • Disruptive — attacks impacting the Availability of data or systems
  • Cyber-Crime — attacks intended for near-term financial profit

Intent & Willingness

Capabilities & Novelty

The Notional Targets and Threat Box Assessments

American Oil (AmO)

AmO’s Threat Box

United States Government Financial Organization (USGFO)

USGFO’s Threat Box

Information Technology Company (ITCO)

ITCO’s Enterprise Threat Box
ITCO’s Services Threat Box

Working with an Awesome Team

Closing it Out

  1. Read a LOT of reporting,
  2. Determine if the reports are discussing espionage, destructive, disruptive, or cyber-crime attacks,
  3. Determine the Intent score, consider the Willingness modifier,
  4. Determine the Capability score, adjust for the Novelty modifier,
  5. Map the actor’s scores on the model,
  6. Rinse, repeat, and get coffee with your awesome team.

References and Resources

Supporting References

I enjoy writing, mentoring, and sharing knowledge. Read my full bio in my whoami article https://medium.com/@andy.c.piazza/whoami-a5410956fffb

Andy Piazza
