11th EU MITRE ATT&CK® Community Workshop

11th EU MITRE ATT&CK® Community Workshop

Best practices for using MITRE ATT&ACK to advance threat-informed defense

CETIC intervened in this event to present the use of MITRE ATT&CK® and l’European Cybersecurity Skills Framework for Cyber Range scenario generation.

Date: 26 May 2023

Event: External activities 

Domaine: Software industry 

Innovation theme: Cyber Security 

About project: Cyber Range Scenarios (CRS2) 

Cyber ranges are dedicated platforms to train security experts in various security activities. Training scenarios aimed at improving trainees skills are mostly designed manually by security experts. This is a time consuming task. Sebastien Dupont presented some results of the CRS research project, where we propose a method and tooling to automatically generate Cyber Range configurations and security training scenarios, deploy them in a cyber range and provide training session feedback and recommendations to participants.

In order to measure the trainees skills, we rely on the new ENISA Cybersecurity Skills Framework (ECSF) which proposes an understanding of the cybersecurity professional role profiles and common mappings with the appropriate skills and competences required.

We presented how we combine the ECSF with MITRE ATT&CK and D3FEND techniques and tactics to generate scenarios that fit the trainee skills improvement objectives.

Presentation slides

View online : https://www.linkedin.com/events/11t...