The framework is organised into tactics and techniques, with tactics representing the overarching
goals of an attack and techniques being the specific methods used to achieve those goals. The
framework covers a wide range of cyber threats, including Advanced Persistent Threats (APTs),
malware, and ransomware attacks.
https://riversafe.co.uk/resources/tech-blog/integrating-the-mitre-attck-into-your-incident-response-plan/ 1/4
02/11/2023, 20:48 Make the MITRE ATT&CK Framework Part Of Your Incident Response Plan To Stay Ahead of Threats | RiverSafe
Here are some steps to follow to integrate the MITRE ATT&CK framework into your incident response plan:
The first step is to identify the tactics and techniques that matter for your organisation. This involves reviewing the MITRE ATT&CK framework and selecting the techniques that are most relevant to your infrastructure, assets, and threat landscape. Threat intelligence on the groups known to target your sector is a useful filter here, since ATT&CK records which techniques each tracked group has been observed using.
For example, if your organisation uses cloud services, you may want to focus on the cloud matrices of ATT&CK and on techniques such as using stolen credentials to access cloud services (Valid Accounts: Cloud Accounts, T1078.004) or exploiting misconfigured cloud environments.
Once you have identified the relevant tactics and techniques, the next step is to map them to your incident response plan. This involves identifying, for each technique, the specific steps that need to be taken to detect it and to respond to it. Keying those steps by technique ID means an analyst who receives a tagged alert can find the matching procedure without having to interpret it first.
For example, if a user opens a malicious attachment (User Execution: Malicious File, T1204.002), your incident response plan may include steps such as isolating the infected machine, analysing the malware, and patching any vulnerability that was exploited.
Once you have mapped the tactics and techniques to your incident response plan, the next step is to develop detection and response playbooks. These playbooks are detailed plans that outline the specific steps that need to be taken to detect and respond to each technique, starting from the telemetry that evidences it. The Detection section of each ATT&CK technique page lists the data sources that can reveal that technique and is a practical starting point for deciding which logs a playbook depends on.
For example, your detection and response playbook for a malware attack may include steps such as monitoring network traffic for suspicious connections, analysing endpoint and system logs for signs of malware activity (an Office application spawning a script interpreter, for instance), and conducting a threat hunt to identify the source of the attack and any other affected hosts.
The final step is to test and refine your incident response plan. This involves conducting regular simulations and exercises to test the effectiveness of your plan and identify areas for improvement.
For example, you may conduct a tabletop exercise where your incident response team works through a simulated attack scenario using your detection and response playbooks. A tabletop checks the process; to check that the detections themselves fire, emulate the mapped techniques on a test host (tools such as Atomic Red Team and MITRE CALDERA are built for this) and confirm that each one produces the expected alert. Either kind of exercise can help identify gaps or weaknesses in your plan and enable you to refine your processes and procedures.
By mapping the tactics and techniques to your incident response plan, you can improve your
organisation’s ability to detect and respond to cyber threats. This structured approach ensures that
your incident response team has a clear understanding of the steps that need to be taken to detect
and respond to each type of attack.
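As an added example (not code from the RiverSafe post), the following Python sketch ties the four steps together: a playbook registry keyed by ATT&CK technique ID (steps 1 and 2), two detection rules that tag matching log lines with the technique they evidence (step 3), and a coverage check that replays constructed attack scenarios through the rules and reports any technique that has a playbook but no detection behind it (step 4). The log lines, hostnames, user names, allowed-country list and response steps are all constructed for illustration; the technique IDs are real ATT&CK identifiers.

```python
"""Added example: ATT&CK-keyed IR playbooks, detection rules and a coverage check.
Not code from the original post. All log lines, hosts, users and response
steps are constructed; the technique IDs are real ATT&CK identifiers."""
import re
from dataclasses import dataclass

# Steps 1 and 2: techniques judged relevant, each mapped to response actions.
PLAYBOOKS = {
    "T1078.004": {  # Valid Accounts: Cloud Accounts
        "tactic": "Initial Access",
        "response": ["Disable the account and revoke its sessions and tokens",
                     "Review the cloud audit log for actions taken by the account",
                     "Rotate any keys or secrets the account could read"]},
    "T1204.002": {  # User Execution: Malicious File
        "tactic": "Execution",
        "response": ["Isolate the host from the network",
                     "Acquire the file and process tree for malware analysis",
                     "Hunt for the same file hash across the estate"]},
    "T1190": {  # Exploit Public-Facing Application
        "tactic": "Initial Access",
        "response": ["Restrict exposure of the service",
                     "Patch the exploited vulnerability",
                     "Review web logs for further exploitation attempts"]},
}

# Assumptions about the constructed environment.
ALLOWED_COUNTRIES = {"GB", "IE"}
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
CLOUD_RE = re.compile(r"ConsoleLogin user=(\S+) result=SUCCESS src_ip=(\S+) country=(\S+) mfa=(\S+)")
EDR_RE = re.compile(r"host=(\S+) parent=(\S+) child=(\S+)")


@dataclass(frozen=True)
class Detection:
    technique: str  # ATT&CK technique ID the event evidences
    reason: str
    line: str


# Step 3: detection rules. Each takes one log line and returns a Detection or None.
def rule_cloud_login(line):
    """Successful console login without MFA or from an unexpected country."""
    m = CLOUD_RE.search(line)
    if not m:
        return None
    user, _ip, country, mfa = m.groups()
    if country not in ALLOWED_COUNTRIES or mfa == "no":
        return Detection("T1078.004", f"login for {user} from {country}, mfa={mfa}", line)
    return None


def rule_office_spawns_script_host(line):
    """An Office process launching a script interpreter, typical of a malicious document."""
    m = EDR_RE.search(line)
    if not m:
        return None
    host, parent, child = m.groups()
    if parent.upper() in OFFICE_PARENTS and child.lower() in SCRIPT_HOSTS:
        return Detection("T1204.002", f"{parent} spawned {child} on {host}", line)
    return None


RULES = [rule_cloud_login, rule_office_spawns_script_host]


def detect(lines):
    """Run every rule over every line; detections come back in log order."""
    return [d for line in lines for rule in RULES if (d := rule(line))]


def response_plan(detections):
    """Ordered (technique, steps) pairs, one per distinct technique detected."""
    plan, seen = [], set()
    for d in detections:
        if d.technique in seen:
            continue
        seen.add(d.technique)
        pb = PLAYBOOKS.get(d.technique)
        plan.append((d.technique, pb["response"] if pb else ["No playbook mapped: escalate to the IR lead"]))
    return plan


def coverage_gaps(scenarios):
    """Step 4: replay simulated evidence per technique and report playbooks no rule can trigger.
    scenarios maps technique ID -> log lines the simulated attack would produce."""
    return [tid for tid in PLAYBOOKS
            if tid not in {d.technique for d in detect(scenarios.get(tid, []))}]


# Constructed sample telemetry (not real logs).
SAMPLE_LOGS = [
    "2023-11-02T20:48:01Z cloud-audit ConsoleLogin user=alice result=SUCCESS src_ip=203.0.113.7 country=GB mfa=yes",
    "2023-11-02T20:49:15Z cloud-audit ConsoleLogin user=alice result=SUCCESS src_ip=198.51.100.9 country=XX mfa=no",
    "2023-11-02T20:50:12Z edr host=WS-042 parent=WINWORD.EXE child=powershell.exe",
    "2023-11-02T20:50:30Z edr host=WS-042 parent=explorer.exe child=powershell.exe",
]
SCENARIOS = {
    "T1078.004": [SAMPLE_LOGS[1]],
    "T1204.002": [SAMPLE_LOGS[2]],
    # No rule parses web logs yet, so this playbook has no detection behind it.
    "T1190": ["2023-11-02T21:02:44Z web host=www-01 src_ip=198.51.100.9 status=200 uri=/upload.php?cmd=id"],
}

if __name__ == "__main__":
    hits = detect(SAMPLE_LOGS)
    for technique, steps in response_plan(hits):
        tactic = PLAYBOOKS.get(technique, {}).get("tactic", "?")
        print(technique, tactic, "->", "; ".join(steps))
    print("techniques with a playbook but no detection:", coverage_gaps(SCENARIOS))
```

Run as a script, it reports the two detections with their playbook steps and lists T1190 as a technique that has a playbook but nothing to trigger it; that list is exactly the gap the tabletop or emulation exercise in the final step is meant to surface. In a real deployment the rules would be SIEM or EDR queries and the registry would live in your IR documentation, but the shape is the same: technique ID as the key that joins alert, playbook and test scenario.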
• BETTER COLLABORATION
Integrating the MITRE ATT&CK framework into your incident response plan can promote enhanced collaboration across teams within your organisation. When SOC analysts, threat hunters, red teamers and management all describe activity with the same tactic and technique names, they can communicate more effectively, leading to more efficient and effective incident response.
• COMPLIANCE WITH INDUSTRY STANDARDS
The MITRE ATT&CK framework has become a widely recognised reference in the cybersecurity industry. By integrating the framework into your incident response plan, you can demonstrate to regulators, auditors, and customers that your organisation is committed to using best practices in incident response. Note that ATT&CK is a knowledge base rather than a compliance standard in its own right: what auditors will want to see is the mapping together with evidence, such as exercise results, that the mapped detections and playbooks actually work.
• CONTINUOUS IMPROVEMENT
By using the MITRE ATT&CK framework to map tactics and techniques to your incident response plan, you can identify gaps in your plan (techniques you consider relevant but cannot currently detect, or can detect but have no playbook for) and improve your processes and procedures. ATT&CK itself is revised as new techniques are documented, so regular testing and refinement of your plan against the current version and the latest threats can help ensure that your organisation is prepared to respond effectively to cyberattacks.
Conclusion
Integrating the MITRE ATT&CK framework into your incident response plan can help your organisation
improve its ability to detect and respond to cyber threats, promote collaboration across teams, stay up
to date with the latest threats, comply with industry standards, and improve your overall incident
response planning.
By following the steps outlined above, your organisation can take advantage of the benefits of the
MITRE ATT&CK framework and better protect your assets and data from cyber threats.
BY VINAYA SHESHADRI