Enhanced Cyber Threat Model for Financial Services Sector Institutions

November 2018
Topics: Next Generation Cyber Infrastructure, Cybersecurity, Network Security
David B. Fox, The MITRE Corporation
Eric I. Arnoth, The MITRE Corporation
Dr. Clement W. Skorupka, The MITRE Corporation
Catherine D. McCollum, The MITRE Corporation
Deborah J. Bodeau, The MITRE Corporation
Download PDF (2.29 MB)

In this report, the high-level model described in a related publication, is expanded into a more detailed threat model, reflecting attacker methods at a level relevant to implementation with respect to a generic FSS institution. Attacker methods are drawn from MITRE and cyber defense community sources including Adversary Tactics Techniques and Common Knowledge (ATT&CK), ATT&CK for Left of Exploit (PRE-ATT&CK), and Common Attack Pattern Enumeration and Classification (CAPEC). The threat model is intended both to support NGCI Apex program use cases and to provide a common, consistent frame of reference for community interaction, supplementing institution-specific threat models maintained internally within individual institutions.

Note: This report is part of a larger suite of publications supporting the Next Generation Cyber Infrastructure Apex program. 


Publication Search