In this report, part of the Next Generation Cyber Infrastructure Apex program, a high-level model is expanded into a more detailed threat model, reflecting attacker methods relevant to a generic financial services sector institution.
In this report, the high-level model described in a related publication, is expanded into a more detailed threat model, reflecting attacker methods at a level relevant to implementation with respect to a generic FSS institution. Attacker methods are drawn from MITRE and cyber defense community sources including Adversary Tactics Techniques and Common Knowledge (ATT&CK), ATT&CK for Left of Exploit (PRE-ATT&CK), and Common Attack Pattern Enumeration and Classification (CAPEC). The threat model is intended both to support NGCI Apex program use cases and to provide a common, consistent frame of reference for community interaction, supplementing institution-specific threat models maintained internally within individual institutions.
Note: This report is part of a larger suite of publications supporting the Next Generation Cyber Infrastructure Apex program.