This is an overview of terms and concepts I use.
MITRE ATT&CK
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
attack.mitre.org
Describing the what and how in cyber operations is possible to do using different naming conventions. I will standardize on ATTACK to ensure consistency.
Words of estimative probability
A pioneer in formal intelligence analysis, Sherman Kent introduced words of estimative probability. This was an effort to make clear what is certain and what is a judgement, and the certainty of the judgement.
| Kent’s Words of Estimative Probability | ||
|---|---|---|
| Certain | 100% | Give or take 0% |
| The General Area of Possibility | ||
| Almost Certain | 93% | Give or take about 6% |
| Probable | 75% | Give or take about 12% |
| Chances About Even | 50% | Give or take about 10% |
| Probably Not | 30% | Give or take about 10% |
| Almost Certainly Not | 7% | Give or take about 5% |
| Impossible | 0 | Give or take 0% |
Cyber in the middle 