Common Attack Process Framework for Incident Mapping

By Megan Garfinkel

Elevator Pitch

There are too many attack frameworks. Each has value, but their complexity often forces companies to adopt several at once, which confuses more than it clarifies. We have studied both cyber and physical attacks and found a set of steps that occur in every one of them.

Description

There are too many attack frameworks. Each has value, but organizations are often forced to choose one, or to run several side by side, in order to satisfy differing requirements, and that adds work to an already overburdened security team. Having reviewed multiple cyber and physical attacks, we have found commonalities that every incident shares and that can be mapped in a single model. The result is the Common Attack Process Framework (CAPF) for Incident Mapping. The framework gives defenders a way to understand exactly how an attacker operates: it walks the defender through the attack process from initial reconnaissance to the end game of completing the mission. It is also not tied to any particular level of operation, so the adversary's actions can be mapped to a CAPF stage at any level of the organization. A single attack framework that organizations can study frees up resources that would otherwise go to maintaining several, and it gives different companies a common vocabulary for working together efficiently when the same or a similar threat actor breaches their security.

Notes

We have no special technical needs beyond being able to plug in our laptop to present slides. There will be two presenters: Megan and Steve. This is a new concept that was recently published in a peer-reviewed journal (International Journal of Cyber Research and Education, Vol. 3, No. 2). Steve is the primary author of the article and Megan is one of his students, so together they are the foremost experts on the Common Attack Process Framework.