Defensive Cybersecurity

Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

  • T0020: Develop content for cyber defense tools
  • T0164: Perform cyber defense trend analysis and reporting
  • T0292: Recommend computing environment vulnerability corrections
  • T0299: Identify network mapping and operating system (OS) fingerprinting activities
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1021: Review cyber defense service provider reporting structure
  • T1084: Identify anomalous network activity
  • T1085: Identify potential threats to network resources
  • T1112: Validate network alerts
  • T1119: Recommend vulnerability remediation strategies
  • T1176: Determine if cybersecurity-enabled products reduce identified risk to acceptable levels
  • T1177: Determine if security control technologies reduce identified risk to acceptable levels
  • T1241: Document cybersecurity incidents
  • T1242: Escalate incidents that may cause ongoing and immediate impact to the environment
  • T1254: Determine the effectiveness of an observed attack
  • T1266: Recommend risk mitigation strategies
  • T1278: Recommend system modifications
  • T1290: Communicate daily network event and activity reports
  • T1299: Determine causes of network alerts
  • T1347: Detect cybersecurity attacks and intrusions
  • T1348: Distinguish between benign and potentially malicious cybersecurity attacks and intrusions
  • T1349: Communicate cybersecurity attacks and intrusions alerts
  • T1350: Perform continuous monitoring of system activity
  • T1351: Determine impact of malicious activity on systems and information
  • T1384: Establish intrusion set procedures
  • T1385: Identify network traffic anomalies
  • T1386: Analyze network traffic anomalies
  • T1387: Validate intrusion detection system alerts
  • T1388: Isolate malware
  • T1389: Remove malware
  • T1390: Identify network device applications and operating systems
  • T1391: Reconstruct malicious attacks
  • T1406: Construct cyber defense network tool signatures
  • T1428: Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents
  • T1539: Analyze organizational cybersecurity posture trends
  • T1540: Develop organizational cybersecurity posture trend reports
  • T1541: Develop system security posture trend reports
  • T1548: Determine adequacy of access controls
  • T1582: Maintain currency of cyber defense threat conditions
  • T1583: Determine effectiveness of system implementation and testing processes
  • T1603: Recommend threat and vulnerability risk mitigation strategies
  • T1615: Advise stakeholders on vulnerability compliance
  • T1616: Resolve computer security incidents
  • T1618: Advise stakeholders on disaster recovery, contingency, and continuity of operations plans