Standards, Frameworks, and Benchmarks
With over a dozen tactics and hundreds of techniques, MITRE Attack has become the defacto standard for event mapping. It can be used defensively to help you map both the attacks coming in against your network, as well as map your current coverage of visibility, to see where your organization can grow.

Center for Internet Security (CIS) Benchmarks and Controls

CIS has sets of helpful resources for hardening your environment. The most important for defensive specialists is the CIS Benchmarks and the CIS Controls. The CIS Benchmarks are a large collection of hardening and configuration standards of dozens of products from different vendors. To make life even easier, there are even scripts that help you set up your infrastructure to these standards. CIS Controls are documented security best practices for your network. These are incredibly valueable for improvingyour security posture, and you can even map your detection use cases to the controls that protect against certain attacks.
Understanding both of these are incredibly valueable to both your organization as well as you. Understanding the critical security controls can help you develop your own understanding of security theory. Digging into the CIS Benchmarks (especially the hardening scripts) is incredibly useful for more detailed technical knowledge of security issues.

Lockheed-Martin Cyber Kill-Chain

This is a great format for seeing the timeline of an attack. When responding to an event or alert you see from your security devices, see where they match up on the killchain and remember to look for any evidence of activity that might fall before it, or after it, in the kill-chain.
Gaining_the_Advantage_Cyber_Kill_Chain.pdf
299KB
PDF
Cyber Kill-Chain
Common and reasonably popular format that has some lacking in a granular classification of events and attacks

Other Standards

  • โ€‹NIST - Current FIPSโ€‹
  • โ€‹Common Criteria for Information Technology Security Evaluation (CC) is an international standard (ISO / IEC 15408) for computer security. It allows an objective evaluation to validate that a particular product satisfies a defined set of security requirements.
  • โ€‹ISO 22301 is the international standard that provides a best-practice framework for implementing an optimised BCMS (business continuity management system).
  • โ€‹ISO27001 is the international standard that describes the requirements for an ISMS (information security management system). The framework is designed to help organizations manage their security practices in one place, consistently and cost-effectively.
  • โ€‹ISO 27701 specifies the requirements for a PIMS (privacy information management system) based on the requirements of ISO 27001. It is extended by a set of privacy-specific requirements, control objectives and controls. Companies that have implemented ISO 27001 will be able to use ISO 27701 to extend their security efforts to cover privacy management.
  • โ€‹EU GDPR (General Data Protection Regulation) is a privacy and data protection law that supersedes existing national data protection laws across the EU, bringing uniformity by introducing just one main data protection law for companies/organizations to comply with.
  • โ€‹CCPA (California Consumer Privacy Act) is a data privacy law that took effect on January 1, 2020 in the State of California. It applies to businesses that collect California residentsโ€™ personal information, and its privacy requirements are similar to those of the EUโ€™s GDPR (General Data Protection Regulation).
  • โ€‹Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data.
  • โ€‹SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your comapny/organization and the privacy of their clients.
  • โ€‹NIST CSF is a voluntary framework primarily intended for critical infrastructure organizations to manage and mitigate cybersecurity risk based on existing best practice.
  • โ€‹Landlock LSM(Linux Security Module) is a framework to create scoped access-control (sandboxing). Landlock is designed to be usable by unprivileged processes while following the system security policy enforced by other access control mechanisms (DAC, LSM, etc.).
  • โ€‹Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots(Unified Extensible Firmware Interface (UEFI) BIOS) using only software(such as bootloaders, OS, UEFI drivers, and utilities) that is trusted by the Original Equipment Manufacturer (OEM).