Security Assessment Rating Framework for Enterprises using MITRE ATT&CK Matrix

Abstract: Threats targeting cyberspace are becoming more prominent and intelligent day by day. This inherently leads to a dire demand for continuous security validation and testing. Using this paper, we aim to provide a holistic and precise security analysis rating framework for organizations that increases the overall coherency of the outcomes of such testing. This scorecard is based on the security assessment performed following the globally accessible knowledge base of adversary tactics and techniques called the MITRE ATTACK matrix. The scorecard for an evaluation is generated by ingesting the security testing results into our framework, which provides an organizations overall risk assessment rating and the risk related to each of the different tactics from the ATTACK matrix.