Re: Zero Trust Architecture: ISO vs. MITRE ATTACK

Caute_cautim · ‎08-20-2024

Hi All

A great resource:

https://jasonlayton.com/cybersecurity/8-2024/zero-trust-architecture-iso-vs-mitre-attack

Regards

Caute_Cautim

CST71 · ‎09-02-2024

Hi Caute,

Thank you for the great resource. I have a question: what are your thoughts on adding AI-based network detection and response to NIST 800-53 and the MITRE framework? Is it feasible for SMBs to do that, though? Thank you in advance.

Caute_cautim · ‎09-16-2024

@CST71 First of all apologies for my tardy response - I was changing organisations and going through the disruption process of handing back equipment and being terminated as one should be when you leave one organisation and go to another.

My thoughts, a good idea - depending on what perspective you are coming from - from a Cloud Provider perspective, they are likely to add it as a service or a feature. Azure Well Architected Framework - provides a self assessment tool, as long as you enable the paid subscription version of Defender for Cloud.

Given the availability of various AI models, it would not surprise me that will feed NIST SP800-53 and compare with the MITRE framework and experiment with it. Early models would have to be thoroughly tested to ensure they work corrected or adjusted accordingly.

Regards

Caute_Cautim

CST71 · ‎09-18-2024

Hi Caute,

Thank you so much for your response. I hope you are enjoying your new role!

What I find helpful is your perspective on cloud providers adding AI-based network detection and response as a service or feature.

Thanks again!