Cyber Threat Management Framework (CTMF) Project

OODA loop

CTMF Benefits

The cyber threat landscape continues to evolve fast. It is clear most don't have a good strategy to manage these threats. The CTMF is like a blueprint for successfully managing cyber threats including how to organize the efforts, best practices, and state of the art techniques.

The key benefits of CTMF are:

Early detection of threats
Instant recognition of potential impact
Faster decision for expedient, damage limiting actions

CTMF Overview

CTMF is a comprehensive framework

build upon the OODA (Observe, Orient,

Decide, Act) decision cycle that enables

cyber threat management with the

speed and agility needed in today's

real-time dynamic threat environment.

Observe

Detect use case development

Content architecture

Use case optimization

Use case control testing

Honeypot development

Sensor data

Use case cost modeling

Orient

Intelligence gathering

Intelligence data mining

Risk assessment

Control assessment

Behavior modeling

Context enrichment

Threat data warehousing

Security Data Science

Decide

Situational awareness

Automated triage

Security analyst (human) triage

Act

Malware Analysis

Automating responses

Incidents Response

Response operations

Security Operations Center

Volunteer Opportunities

We are excited to be developing the world’s first independent framework for CTM and this is a true ground floor opportunity for experienced professionals to take part in the success of IOCTM. We are looking to add industry professionals with demonstrated expertise in major subject matter areas of CTM including:

Intelligence research and gathering
Automating intelligence data management
Threat intel exchange and information standards STIX, TAXII
Data management constructs CybOX, MAEC, CAPEC and CPE
Asset management in the context of prioritizing and categorizing threats
Advanced SIEM use cases for operationalizing the management of threat data, mapping them to business rules
Security Intelligence – using Bigdata analytics, behavioral profiling and other data science techniques to discover threats from ordinary system or operational data
Manual and automated end-point and network forensics
Incident Response including automating IR and automating response
Malware analysis including setting up automated analysis environments based on commercial or open source tools such as Cuckoo sandbox
Secure Operations Center (SOC) analysts, management and support personnel
Threat management metrics, VERIS, Cyber Kill Chain, etc.

We are currently forming the CTMF working group. Please join us if you'd like to get involved or access related content.

Email: memberadmin at ioctm.org

Privacy and Security

Site map