WEBVTT

00:00.000 --> 00:01.740
>> Welcome to Module 2,

00:01.740 --> 00:05.200
Lesson 3, quantitative
scorecard.

00:06.500 --> 00:09.540
In this lesson, we
will explore how

00:09.540 --> 00:11.760
ATT&CK can help us
produce and track

00:11.760 --> 00:14.250
various cybersecurity
metrics and

00:14.250 --> 00:15.330
appreciate the types of

00:15.330 --> 00:18.550
questions that these metrics
can help us address.

00:21.290 --> 00:25.320
A very common but also very
hard question to answer

00:25.320 --> 00:28.155
is how can we measure our
cybersecurity posture?

00:28.155 --> 00:30.269
Because as we know,
cybersecurity

00:30.269 --> 00:32.235
is not an easy
value to quantify,

00:32.235 --> 00:35.310
but our ability to track
progress and growth

00:35.310 --> 00:39.010
over time is vital for
cybersecurity success.

00:40.340 --> 00:42.525
This is where ATT&CK comes in.

00:42.525 --> 00:43.940
We can use ATT&CK to produce

00:43.940 --> 00:45.620
a quantitative scorecard that

00:45.620 --> 00:46.760
helps us understand where we are

00:46.760 --> 00:49.740
today and where we
need to be tomorrow.

00:51.370 --> 00:55.130
For example, we can
document our priorities

00:55.130 --> 00:56.705
by highlighting the techniques

00:56.705 --> 00:59.280
that are most critical
for us to defend.

01:03.250 --> 01:06.560
We can also identify
gaps by selecting

01:06.560 --> 01:10.080
the subset of techniques
that we have defenses for.

01:10.870 --> 01:15.109
This process analysis can
inform decision-making.

01:15.109 --> 01:16.595
Particularly in this case,

01:16.595 --> 01:19.100
by comparing what techniques
are most important to us

01:19.100 --> 01:20.705
with what techniques
we have defenses for,

01:20.705 --> 01:23.480
we can identify where
we need to improve.

01:23.960 --> 01:27.275
That was just one notional
and very simple way

01:27.275 --> 01:29.750
of using ATT&CK as a
quantitative scorecard.

01:29.750 --> 01:31.670
We can do a similar approach for

01:31.670 --> 01:33.590
the various other
metadata in ATT&CK,

01:33.590 --> 01:34.715
such as data sources,

01:34.715 --> 01:38.820
detections and analytics,
mitigations and more.

01:40.820 --> 01:42.950
With that, we've reached

01:42.950 --> 01:44.645
our knowledge check
for Lesson 3.

01:44.645 --> 01:47.240
True or false, ATT&CK
will explicitly

01:47.240 --> 01:48.440
provide a score of how

01:48.440 --> 01:50.420
safe your organization's
defenses are.

01:50.420 --> 01:52.580
Please pause the video
and take a second to

01:52.580 --> 01:55.560
think of the correct
answer before proceeding.

01:59.620 --> 02:03.275
In this case, the
correct answer is false.

02:03.275 --> 02:05.580
ATT&CK provides means of

02:05.580 --> 02:07.185
creating a quantitative
scorecard,

02:07.185 --> 02:08.990
but it's up to you to provide

02:08.990 --> 02:11.550
the inputs and the analysis.

02:13.730 --> 02:17.010
With that, we've reached
the end of Lesson 3.

02:17.010 --> 02:19.370
In summary, we can use ATT&CK to

02:19.370 --> 02:21.650
build quantitative
scorecards that enable

02:21.650 --> 02:23.960
us to ask tough questions
and measure how

02:23.960 --> 02:27.570
our defenses compare against
real adversary behaviors.

