Enhanced Cyber Threat Model for Financial Services Sector InstitutionsNovember 2018
Topics: Next Generation Cyber Infrastructure, Cybersecurity, Network Security
In this report, the high-level model described in a related publication, is expanded into a more detailed threat model, reflecting attacker methods at a level relevant to implementation with respect to a generic FSS institution. Attacker methods are drawn from MITRE and cyber defense community sources including Adversary Tactics Techniques and Common Knowledge (ATT&CK), ATT&CK for Left of Exploit (PRE-ATT&CK), and Common Attack Pattern Enumeration and Classification (CAPEC). The threat model is intended both to support NGCI Apex program use cases and to provide a common, consistent frame of reference for community interaction, supplementing institution-specific threat models maintained internally within individual institutions.
Note: This report is part of a larger suite of publications supporting the Next Generation Cyber Infrastructure Apex program.