Model
Definition
The model tactic is used to apply security engineering, vulnerability, threat, and risk analyses to digital systems. This is accomplished by creating and maintaining a common understanding of the systems being defended, the operations on those systems, actors using the systems, and the relationships and interactions between these elements.
Techniques
There are 27 techniques in this category, Model.
Name | ID | Definition | Synonyms |
---|---|---|---|
Asset Inventory | D3-AI | Asset inventorying identifies and records the organization's assets and enriches each inventory item with knowledge about its vulnerabilities. | Asset Discovery and Asset Inventorying |
- Container Image Analysis | D3-CIA | Analyzing a Container Image with respect to a set of policies. | Container Image Scanning |
- Software Inventory | D3-SWI | Software inventorying identifies and records the software items in the organization's architecture. | Software Discovery and Software Inventorying |
- Asset Vulnerability Enumeration | D3-AVE | Asset vulnerability enumeration enriches inventory items with knowledge identifying their vulnerabilities. | |
- Network Node Inventory | D3-NNI | Network node inventorying identifies and records all the network nodes (hosts, routers, switches, firewalls, etc.) in the organization's architecture. | System Discovery and System Inventorying |
- Hardware Component Inventory | D3-HCI | Hardware component inventorying identifies and records the hardware items in the organization's architecture. | Hardware Component Discovery and Hardware Component Inventorying |
- Configuration Inventory | D3-CI | Configuration inventory identifies and records the configuration of software and hardware and their components throughout the organization. | |
- Data Inventory | D3-DI | Data inventorying identifies and records the schemas, formats, volumes, and locations of data stored and used on the organization's architecture. | Data Discovery and Data Inventorying |
Network Mapping | D3-NM | Network mapping encompasses the techniques to identify and model the physical layer, network layer, and data exchange layers of the organization's network and their physical location, and determine allowed pathways through that network. | |
- Direct Physical Link Mapping | D3-DPLM | Direct physical link mapping creates a physical link map by direct observation and recording of the physical network links. | Manual Physical Link Mapping |
- Physical Link Mapping | D3-PLM | Physical link mapping identifies and models the link connectivity of the network devices within a physical network. | Layer 1 Mapping |
- Network Traffic Policy Mapping | D3-NTPM | Network traffic policy mapping identifies and models the allowed pathways of data at the network, transport, and/or application levels. | Firewall Mapping, DLP Policy Mapping, IPS Policy Mapping, and Web Security Gateway Policy Mapping |
- Logical Link Mapping | D3-LLM | Logical link mapping creates a model of existing or previous node-to-node connections using network-layer data or metadata. | |
- Network Vulnerability Assessment | D3-NVA | Network vulnerability assessment relates all the vulnerabilities of a network's components in the context of their configuration and interdependencies and can also include assessing risk emerging from the network's design as a whole, not just the sum of individual network node or network segment vulnerabilities. | |
- Active Logical Link Mapping | D3-ALLM | Active logical link mapping sends and receives network traffic as a means to map the whole data link layer, where the links represent logical data flows rather than physical connections. | |
- Active Physical Link Mapping | D3-APLM | Active physical link mapping sends and receives network traffic as a means to map the physical layer. | Active Physical Layer Mapping |
- Passive Logical Link Mapping | D3-PLLM | Passive logical link mapping only listens to network traffic as a means to map the whole data link layer, where the links represent logical data flows rather than physical connections. | Passive Logical Layer Mapping |
Operational Activity Mapping | D3-OAM | Operational activity mapping identifies activities of the organization and the organization's suborganizations, groups, roles, and individuals that carry out the activities and then establishes the dependencies of the activities on the systems and people that perform those activities. | Mission Mapping |
- Operational Dependency Mapping | D3-ODM | Operational dependency mapping identifies and models the dependencies of the organization's activities on each other and on the organization's performers (people, systems, and services). This may include modeling the higher- and lower-level activities of an organization forming a hierarchy, or layering, of the dependencies in an organization's activities. | |
- Operational Risk Assessment | D3-ORA | Operational risk assessment identifies and models the vulnerabilities of, and risks to, an organization's activities individually and as a whole. | Mission Risk Assessment |
- Organization Mapping | D3-OM | Organization mapping identifies and models the people, roles, and groups within an organization and the relations between them. | |
- Access Modeling | D3-AM | Access modeling identifies and records the access permissions granted to administrators, users, groups, and systems. | |
System Mapping | D3-SYSM | System mapping encompasses the techniques to identify the organization's systems, how they are configured and decomposed into subsystems and components, how they are dependent on one another, and where they are physically located. | |
- Service Dependency Mapping | D3-SVCDM | Service dependency mapping determines the services on which each given service relies. | Distributed Tracing |
- System Dependency Mapping | D3-SYSDM | System dependency mapping identifies and models the dependencies of system components on each other to carry out their function. | |
- System Vulnerability Assessment | D3-SYSVA | System vulnerability assessment relates all the vulnerabilities of a system's components in the context of their configuration and internal dependencies and can also include assessing risk emerging from the system's design as a whole, not just the sum of individual component vulnerabilities. | |
- Data Exchange Mapping | D3-DEM | Data exchange mapping identifies and models the organization's intended design for the flows of the data types, formats, and volumes between systems at the application layer. | Information Exchange Mapping and Data Flow Mapping |
D3FEND™
A knowledge graph of cybersecurity countermeasures