Definitions

Data Source

A data source represents the subject or topic of information that can be collected by sensors or logs.

Insider Threat

An insider threat is defined as a person who uses their authorized access, wittingly or unwittingly, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems.

Mitigation

A mitigation represents a security concept and class of technologies that can be used to prevent a technique or sub-technique from being successfully executed.

MITRE ATT&CK®

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Observable Human Indicator

An observable human indicator (OHI) is an objective or quantifiable fact about a person, their job or their role. These indicators do not involve beliefs, feelings, or opinions nor are they related to a person’s race, color, national origin, religion, sex, age, or disability. We hope that by collecting this data, we will gain insight into the types of individuals more likely to become insider threats.

Procedure

A procedure is the specific implementation the adversary uses for techniques or sub-techniques.

Tactic

A tactic represents the “why” of an ATT&CK technique or sub-technique.

Technique

A technique represents how an adversary achieves a tactical goal by performing an action.