A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?
The MITRE ATT&CK framework is specifically designed to document and track Tactics, Techniques, and Procedures (TTPs) used by attackers. It is a continually updated resource that is highly comprehensive, covering a wide range of enterprise systems and networks. This makes it the best methodology for conducting a penetration test that meets the client's expectations.
TTPs stands for Tactics, Techniques, and Procedures. This framework is used to document the individual steps that an attacker takes in order to carry out a malicious attack on a target system. The TTPs framework provides a comprehensive view of the attack, as it tracks all of the methods used by the attacker throughout the attack lifecycle in order to identify any weaknesses or gaps in the security of the system.
The methodology that would BEST meet the client's expectations for a penetration test that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks is the MITRE ATT&CK framework. In contrast, the OWASP Top 10 focuses specifically on web application security, while the NIST Cybersecurity Framework provides high-level guidance for improving overall cybersecurity posture. The Diamond Model of Intrusion Analysis is a methodology for analyzing and understanding cyber threats and is not specifically designed for penetration testing.
B. MITRE ATT&CK framework
MITRE ATTACK and FRAMEWORKS use the TTP