DASSA / Teknowledge
Codify knowledge about attacks using Cyc
Use Jigsaw?
Level of planning: Not a single enclave
Get intrusion reports from multiple enclaves
Go from low-level "resources" to low-level "mission"
Abstract common threads - go to higher-level "mission"
Abstract model of mission
Goal
> where to go : requires mission
MISSION
> "plan" to reach goal : requires resources
RESOURCES
> what attacker goes for : attacker's goal
- mission: plan to disrupt
- resources: what used to.....
TACTICAL vs. STRATEGIC
> look at Jigsaw