Join Rockie Brockway, Practice Lead, Office of the CSO at TrustedSec for a unique discussion of 10 Things I Hate About TCAP
Well, maybe not ten, but ... Practitioners of the quantitative risk framework Factor Analysis of Information Risk (FAIR) will already be familiar with the Threat Capability (TCAP) variable. I've historically been frustrated determining whether a threat-actor is in the upper 2% of the threat community, in the 85th percentile of the threat community continuum, or even some blend of such rating systems. Yet, even when one lands on a final TCAP rating, the FAIR framework is missing crucial threat-actor variables that should contribute to the final risk derivations, including actor motivation and attack complexity. Relatively recent research and resources, such as the MITRE ATT&CK framework, provide additional insight into many of today's known, active threat-actor groups, and the techniques they use, that can be used to further define the TCAP variable.
Go to registration page below for full description.