99helpers.com

Wiki Overview

Cybersecurity Frameworks & Standards (TOPIC OVERVIEW)

An overarching guide to essential cybersecurity frameworks, integrating the newly added MITRE D3FEND alongside NIST CSF 2.0, CIS Controls v8, and MITRE ATT&CK.

Offensive Security Tools & Training (TOPIC OVERVIEW)

A grouping page introducing platforms and operating systems dedicated to penetration testing, ethical hacking, and cyber readiness. Links out to specialized entities like Kali Linux and Hack The Box.

Building a Threat-Informed Defense Strategy (DEEP DIVE)

A comprehensive guide on adopting a threat-informed defense strategy utilizing MITRE ATT&CK and D3FEND to map behavioral threat intelligence to precise defensive countermeasures.

MITRE ATT&CK Framework (ENTITY)

Details the MITRE ATT&CK framework and its "Getting Started" roadmap for threat-informed defense, updated to include cross-references to the MITRE D3FEND framework for mapping defensive engineering.

MITRE D3FEND Framework (ENTITY)

An overview of the MITRE D3FEND framework, a semantically rigorous knowledge graph that maps defensive cybersecurity countermeasures directly to offensive TTPs found in the MITRE ATT&CK framework.

CIS Control 16: Application Software Security (DEEP DIVE)

Focuses on securing the SDLC and application security principles. Updating to link with the broader CIS Critical Security Controls v8 guide.

CIS Control 18: Penetration Testing (DEEP DIVE)

Details penetration testing and offensive security assessments. Updating to establish a strong link to the main CIS Critical Security Controls v8 documentation.

CIS Control 17: Incident Response Management (DEEP DIVE)

Guidance on preparing for and executing incident response. Updating to add necessary cross-references to the CIS Critical Security Controls v8 wiki.

CIS Control 13: Network Monitoring and Defense (DEEP DIVE)

Details network monitoring, IDS, and IPS implementations. Updating to link and contextualize within the CIS Critical Security Controls v8 framework.

CIS Control 14: Security Awareness and Skills Training (DEEP DIVE)

Explores enterprise security awareness and training programs. Updating to cross-link with the overarching CIS Critical Security Controls v8 wiki.

CIS Control 15: Service Provider Management (DEEP DIVE)

Addresses third-party risk and supply chain security. Updating to provide cohesive navigation to the central CIS Critical Security Controls v8 page.

CIS Control 12: Network Infrastructure Management (DEEP DIVE)

Best practices for managing network devices and architecture. Updating to ensure clear navigation back to the CIS Critical Security Controls v8 master page.

CIS Control 10: Malware Defenses (DEEP DIVE)

Covers anti-malware and endpoint protection strategies. Updating to include required links back to the central CIS Critical Security Controls v8 wiki.

CIS Control 8: Audit Log Management (DEEP DIVE)

Outlines logging and monitoring requirements. Updating to structurally link this control back to the CIS Critical Security Controls v8 parent wiki.

CIS Control 9: Email and Web Browser Protections (DEEP DIVE)

Guidelines for securing email and web vectors. Updating to connect this specific guidance to the core CIS Critical Security Controls v8 ecosystem.

CIS Control 11: Data Recovery (DEEP DIVE)

Focuses on data backup and recovery processes. Updating to integrate with the main CIS Critical Security Controls v8 structure via direct links.

CIS Control 5: Account Management (DEEP DIVE)

Focuses on identity and account management safeguards. Updating to establish a direct link to the primary CIS Critical Security Controls v8 document.

CIS Control 4: Secure Configuration of Enterprise Assets and Software (DEEP DIVE)

Covers system hardening and secure configuration baselines. Updating to cross-reference and link to the main CIS Critical Security Controls v8 wiki.

CIS Control 6: Access Control Management (DEEP DIVE)

Examines least privilege and access control mechanisms. Updating to include a reference link to the comprehensive CIS Critical Security Controls v8 page.

CIS Control 7: Continuous Vulnerability Management (DEEP DIVE)

Details continuous vulnerability scanning and remediation practices. Updating to formally tie the page to the overarching CIS Critical Security Controls v8 framework.

CIS Control 2: Inventory and Control of Software Assets (DEEP DIVE)

Detailed guidance on tracking and managing software assets. Updating to connect this safeguard explicitly with the broader CIS Critical Security Controls v8 page.

CIS Control 3: Data Protection (DEEP DIVE)

Explores strategies for enterprise data protection. Updating to ensure clear linkages to the central CIS Critical Security Controls v8 wiki page.

CIS Control 1: Inventory and Control of Enterprise Assets (DEEP DIVE)

Detailed guidance on asset inventory and control. Updating to add direct links and contextual integration with the main CIS Critical Security Controls v8 wiki.

CIS Critical Security Controls Version 8 (ENTITY)

Overview of the CIS Critical Security Controls v8 framework. Updating to serve as the central hub linking to all 18 individual deep-dive pages for the specific controls.

Enterprise Cybersecurity Risk Management (DEEP DIVE)

Explores holistic approaches to managing organizational cyber risk by combining the NIST CSF core functions and the NIST 800-53 control catalog. It provides actionable strategies for assessing security posture and communicating risks to stakeholders.

Secure by Design & Default Practices (DEEP DIVE)

Analyzes the practical integration of Secure by Design and Default principles across the digital product lifecycle. It heavily draws on ENISA's SME playbook and the EU Cyber Resilience Act, detailing automated attestation and security manifests.

Kali Linux (ENTITY)

Profiles Kali Linux, a specialized operating system equipped with a pre-configured suite of tools for penetration testing and ethical hacking. It highlights the platform's versatility across multiple environments and devices.

Hack The Box (ENTITY)

Details Hack The Box, a leading cybersecurity training platform offering hands-on simulations and an AI cyber range. It outlines how HTB maps to NIST and MITRE standards to validate organizational resilience.

ENISA NIS2 Technical Implementation Guidance (ENTITY)

Examines ENISA's technical guidance for implementing cybersecurity risk-management measures under the EU's NIS2 Directive. It covers 13 core areas including incident handling and network resilience to harmonize EU cyber defense.

OWASP Top 10 (ENTITY)

Covers the OWASP Top 10, a globally recognized standard detailing the most critical security risks to web applications. It serves as a foundational guide for developers aiming to implement secure coding practices.

NIST Cybersecurity Framework (CSF) 2.0 (ENTITY)

Details the updated NIST CSF 2.0, which helps organizations manage cyber risks using six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. It emphasizes governance, supply chain management, and organizational profiles.

NIST SP 800-53 Revision 5 (ENTITY)

A deep dive into NIST SP 800-53 Revision 5, a comprehensive catalog of security and privacy controls. It outlines flexible, customizable safeguards designed to protect organizational operations and information systems.

PDF Document

D3FEND

MITRE researchers introduced D3FEND, a semantically rigorous knowledge graph designed to provide a standardized, engineering-level understanding of how cybersecurity countermeasures function. By mapping defensive capabilities to offensive TTPs within the ATT&CK framework, D3FEND enables practitioners to precisely evaluate the applicability and limitations of security solutions. The framework was built by analyzing over 500 patents and research sources, establishing a foundation for automated knowledge discovery through future machine learning integration.

PDF Document

getting-started-with-attack-october-2019

The MITRE ATT&CK "Getting Started" guide provides a tiered roadmap for organizations to adopt a threat-informed defense across four key areas: threat intelligence, detection, adversary emulation, and engineering. Focusing on threat intelligence, the guide details how teams can progress from analyzing known adversary groups to independently mapping intelligence reports and prioritizing defensive strategies based on behavioral data. This modular approach is designed to help cybersecurity professionals improve their defenses regardless of their current maturity or resource levels.

Web Page

OWASP Top 10

The OWASP Top 10 is a globally recognized standard that identifies the most critical security risks facing web applications based on broad industry consensus. It serves as an essential guide for developers to implement secure coding practices and helps organizations foster a culture of software security. The project maintains regularly updated versions, including the current 2025 release, and offers extensive translations to support global accessibility.

Web Page

Kali

Kali Linux is a specialized platform for penetration testing and ethical hacking, providing security professionals with a pre-configured suite of tools for streamlined assessment and reporting. It is highly versatile and adaptable, offering extensive customization options and compatibility across various environments, including mobile devices, cloud platforms, virtual machines, and multiple desktop interfaces.

Web Page

Hack the Box

Hack The Box is a leading cybersecurity training platform that provides hands-on, real-world simulations for individuals, enterprises, and governments to develop offensive and defensive expertise. The platform has recently expanded its ecosystem by launching a pioneering AI cyber range and establishing strategic partnerships with Google and LinkedIn Learning to scale cyber readiness. By mapping content to industry standards like MITRE and NIST, HTB enables organizations to validate operational resilience through live-fire exercises and multi-stage threat scenarios.

PDF Document

240_enisa_secure_by_design_and_default_playbook_v04

The ENISA playbook provides a practical framework for SMEs to integrate "Security by Design" and "Security by Default" principles throughout the digital product lifecycle. It offers actionable playbooks and technical guidance mapped to the EU Cyber Resilience Act to help organizations with limited resources systematically implement, document, and verify security controls. Furthermore, the guide introduces machine-readable security manifests to support automated attestation and the continuous monitoring of a product's security posture.

PDF Document

NIST.SP.1299

The NIST Cybersecurity Framework (CSF) 2.0 is a comprehensive guide designed to help organizations manage and reduce cybersecurity risk through six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. It utilizes Organizational Profiles and Tiers to help entities assess their current posture and provides a suite of supplemental resources, such as Quick Start Guides and implementation examples, to facilitate practical application. This framework is designed to foster internal communication and integrate cybersecurity into broader enterprise risk management strategies.

PDF Document

CIS_Controls__v8__Critical_Security_Controls__2023_08

The CIS Critical Security Controls Version 8 is a collaborative cybersecurity framework that outlines 18 essential safeguards designed to protect enterprise assets, data, and software. The document provides prioritized guidance on critical security functions, including asset inventory, access management, vulnerability monitoring, and incident response. Additionally, it offers technical definitions and implementation strategies to help organizations build a robust and modern security ecosystem.

PDF Document

ENISA_Technical_implementation_guidance_on_cybersecurity_risk_management_measures_version_1.0

ENISA’s technical guidance provides actionable advice and evidence examples to help digital infrastructure and ICT service providers implement the cybersecurity risk-management requirements of EU Regulation 2024/2690 under the NIS2 Directive. It covers 13 core areas—such as incident handling, supply chain security, and network resilience—while mapping these requirements to recognized international standards and best practices. This non-binding manual serves as a living resource to harmonize cybersecurity resilience across the EU and support national authorities in supervising compliance.

PDF Document

NIST.SP.800-53r5

NIST Special Publication 800-53 Revision 5 provides a comprehensive catalog of security and privacy controls designed to protect organizational operations, assets, and individuals from a wide range of threats and risks. These flexible and customizable controls address both functionality and assurance to ensure the trustworthiness of information systems through an integrated, organization-wide risk management process.

PDF Document

NIST.CSWP.29

The NIST Cybersecurity Framework (CSF) 2.0 is a flexible, technology-neutral guide designed to help organizations of all sizes manage, prioritize, and communicate their cybersecurity risks. It utilizes three main components—the Core, Organizational Profiles, and Tiers—to help entities assess their current security posture and define target outcomes. This updated version places a heightened emphasis on governance and supply chain management while providing an expanded suite of online resources and implementation examples to support diverse organizational needs.