Steps Before an Attack

Assess

  • Assess how vulnerable your infrastructure is to various attacks so that you understand the risks.
  • The first step is to identify your critical processes and the systems on which they depend. A Crown Jewels Analysis (CJA) is a structured approach to capturing dependencies.
  • Cyber Operations Rapid Assessment (CORA) is a tool to assess your overall cyber security operations and infrastructure.
  • We have created a specific view within the ATT&CK Navigator that shows some of the known ransomware actors and their tactics and techniques.
  • Once this is understood, the intersection of known threats with critical systems and existing defenses will help assess the risk your organization faces.
  • Risk assessment will allow you to prioritize your investments in mitigations.
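
The intersection described above, as an added sketch that is not part of the original page and is not the CJA or CORA methodology itself. The process and system names, the dependency map, the threat-to-system mapping and the defense coverage are all constructed assumptions; only the ATT&CK technique IDs are real. Ranking by the count of undefended techniques is a deliberately simple stand-in for a real risk score.

```python
from collections import deque

# Constructed sample estate: each node lists what it directly depends on.
DEPENDS_ON = {
    "patient-billing": ["billing-app"],            # critical process
    "billing-app": ["sql-cluster", "domain-controller"],
    "sql-cluster": ["backup-server"],
    "domain-controller": [],
    "backup-server": [],
}
# ATT&CK technique -> systems it is relevant to (mapping is constructed).
THREATS = {
    "T1486 Data Encrypted for Impact": {"sql-cluster", "billing-app", "backup-server"},
    "T1490 Inhibit System Recovery": {"backup-server", "sql-cluster"},
    "T1078 Valid Accounts": {"domain-controller", "billing-app"},
}
# System -> techniques already mitigated or detected there (constructed).
DEFENDED = {
    "sql-cluster": {"T1486 Data Encrypted for Impact"},
    "domain-controller": {"T1078 Valid Accounts"},
}

def crown_jewels(process):
    """Return every system the process depends on, directly or transitively."""
    seen, queue = set(), deque(DEPENDS_ON.get(process, []))
    while queue:
        node = queue.popleft()
        if node not in seen:
            seen.add(node)
            queue.extend(DEPENDS_ON.get(node, []))
    return seen

def gaps(process):
    """Map each dependent system to relevant techniques with no defense in place."""
    result = {}
    for system in crown_jewels(process):
        exposed = {t for t, targets in THREATS.items() if system in targets}
        undefended = exposed - DEFENDED.get(system, set())
        if undefended:
            result[system] = sorted(undefended)
    return result

def prioritized(process):
    """Systems ordered by number of undefended techniques, most exposed first."""
    return sorted(gaps(process).items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    for system, techniques in prioritized("patient-billing"):
        print(f"{system}: {', '.join(techniques)}")
```

In this sample the backup server ranks first even though the billing process never touches it directly, which is the kind of transitive dependency the crown-jewels step is meant to surface.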

Resources

Design & Implement

  • Once you have determined your vulnerabilities and the gaps in your defenses, the next step is to decide how to implement the available mitigations.
  • NIST Ransomware Practice Guides give reference designs to remediate gaps using existing commercial products.
  • No matter how strong your defenses, determined adversaries may still penetrate them. Implementing resiliency techniques will allow critical operations to continue during a successful attack.

Operate

  • Your infrastructure, operations and workforce must be continuously kept up to date in order to maintain your defenses.
  • Setting up a relationship with consulting firms and law enforcement ahead of time will shorten reaction time if and when an attack occurs.

Collaborate

