Enterprise Threat Model Technical Report-Cyber Threat Model for a Notional Financial Services Sector Institution

November 2018
Topics: Next Generation Cyber Infrastructure, Cybersecurity, Network Security
David B. Fox, The MITRE Corporation
Eric I. Arnoth, The MITRE Corporation
Dr. Clement W. Skorupka, The MITRE Corporation
Catherine D. McCollum, The MITRE Corporation
Download PDF (1.71 MB)

This technical report applies the expanded threat model described in a related publication to the institution/enterprise level reflecting attacker methods at a level relevant to implementation. It describes a representative notional financial services sector institution, identifies where in its enterprise architecture the threat events from the high-level threat model are applicable, and uses a specific scenario to illustrate the use of detailed threat event information.

Note: This report is part of a larger suite of publications supporting the Next Generation Cyber Infrastructure Apex program. 

Publications

Interested in MITRE's Work?

MITRE provides affordable, effective solutions that help the government meet its most complex challenges.
Explore Job Openings

Publication Search

MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age, color, race, disability, marital status, national and ethnic origin, political affiliation, religion, sexual orientation, gender identity, veteran status, family medical or genetic information, and other protected status.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please contact MITRE’s Recruiting Help Line at 703-983-8226 or email at recruitinghelp@mitre.org

Copyright © 1997-2020, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.