Principle 16: Identify TTPs
| No: 43065348 | Date(g): 27/2/2022 | Date(h): 26/7/1443 |
Effective from Feb 27 2022 - Feb 26 2022
To view other versions open the versions tab on the right
Member Organizations should analyze the information collected from sources related to relevant threat actors, tools, or malware to identify relevant Techniques, Tactics, and Procedures (TTPs). In addition, Member Organizations should adopt a taxonomy of attacks and classification of such TTPs (e.g. MITRE ATT&CK). Based on the defined taxonomy, they should build threat actor behavior profiles and identify techniques used by threat actors. Member Organizations should rely also on Indicators of Compromise (loCs) for the identification of these TTPs.