Top Level Cyber Threat Clusters

A Universal Framework for Cyber Threat Categorization

White Paper V1.6.3

The Top Level Cyber Threat Clusters (TLCTC) framework serves as a "Rosetta Stone" connecting strategic planning to operational security through logically derived, non-overlapping threat categories. This fills a critical gap in current standards while complementing existing risk management approaches.

The TLCTC Advantage

Addressing the fragmentation in cyber threat communication and categorization.

Universal Taxonomy

Provides 10 logically derived, non-overlapping threat categories for comprehensive understanding.

Bridge Strategy & Operations

Creates a common language for CISOs, security teams, and risk managers.

Framework Agnostic

Complements and enhances existing standards like MITRE ATT&CK, NIST CSF, and FAIR.

Why TLCTC? (Intro)

The Problem TLCTC Solves

The 10 Top Level Cyber Threat Clusters

The foundational building blocks for understanding *how* adversaries operate.

Core Concepts & Framework Synergy

Understanding TLCTC's foundational elements and its powerful integration with existing cybersecurity standards.

Key Concept Components

TLCTC Definitions

  • Axioms (check white paper)
  • The Thought Experiment
  • Definitions and Clarifications
  • Definitions (incl. JSON)
  • Glossary
  • Enumeration V2.0
  • WP Section

Concept Applicability

  • Scope of Software and Hardware
  • at Interface Level (API)
  • at Function Call Level
  • Vertical Stack Application
  • WP Section

Bridging Strategy & Operations

  • Strategic Management Layer & Architecture
  • Operational Layer
  • CISO's Guide
  • WP Section

Cyber Bow Tie

  • Basic Bow-Tie & Event Chains
  • Alternative Visualization (V2)
  • CISO's Guide
  • WP Section

Framework Integration

NIST CSF

  • Identify, Protect, Detect alignment
  • NIST CSF Integration
  • NIST AI RMF 1.0 - NIST AI 100-1 - NIST AI 600-1 Integration
  • WP Section

SSDLC

  • Developer Exp. Blog
  • Coding vs Programming
  • SonarQube & CWE
  • NIST SP 800-218 (SSDF)
  • PASTA Example
  • IEC 62443 Example
  • WP Section

MITRE (Overview)

  • ATT&CK Enterprise Initial
  • CWE Alignment
  • MITRE Atlas AI (AML)
  • CAPEC Integration
  • ATT&CK & STIX

STIX/TAXII

  • Enhancing STIX

VERIS Framework

  • VERIS Example

NVD CVE Enhancement

  • Enhancing CVE Details

Vulnerability Mapping

  • SonarQube with CWE
  • WP Section

Call to Act (MITRE & STIX)

  • WP Section

Practical TLCTC Tools

Leverage these tools to apply the TLCTC framework in your organization.

Cyber Threat Radars

Holistic Views: Org, Customers, 3rd Parties, State Level.

Try the Radar App
WP Section

Threat Actor Profiling

CrowdStrike 2024 Mapped

Cobalt Strike Mapping

Profile Designer
WP Section

Attack Path Notation & Design

Enumeration V2.0

Complex Scenarios: WP Section

Path Designer App
Notation WP Section

CVE 2 TLCTC Mapper

Value for All Stakeholders

TLCTC delivers clear benefits across strategic leadership, technical teams, and regulatory bodies.

Strategic Leadership

  • Enhanced Strategic Decision-Making
  • Quantifiable Risk Management
  • Improved Board-Level Communication
  • Stronger Cybersecurity Governance

Security Operations & Technical Teams

  • Consistent Incident Classification (CSIRTs/CERTs)
  • Enhanced MITRE Integration (ATT&CK, CAPEC, CWE)
  • Streamlined Threat Intelligence Sharing (STIX)
  • Precise Attack Path Analysis for SOCs
  • Standardized Threat Intel Framework
  • Improved Vulnerability Prioritization (CVEs)

Standards Bodies & Regulatory Agencies

  • Developing Clearer Threat Standards (NIST/ISO/CIS)
  • Framework Harmonization (CISA/ENISA)
  • Global Consistency for EU Agencies
  • Enhanced National & International Coordination (NCSCs)

Critical Perspectives & The TLCTC Dialogue

Engaging with critiques and fostering an open discussion for the evolution of the TLCTC framework.

Critical TLCTC Analysis

  • The "Why Ten?" Question
  • Framework remains open to evolution
  • Call To Act: Challenges NIST and MITRE

Cluster Refinement

  • Analysis of Cluster Maturity
  • Open for community discussion
  • WP Section

Framework Analysis (Comparative)

  • Threat Modeling Manifesto
  • STRIDE
  • CRF-TT
  • OCTAVE
  • PASTA
  • ISO/SAE 21434
  • LINDDUN
  • FAIR
  • WP Section

Regulatory Analysis

  • §NIS 2 DIRECTIVE (EU) 2022/2555
  • §DORA (Digital Operational Resilience Act)
  • §DORA RTS TLTP - Draft Tech Standards
  • §Regulation (EU) 2019/881 (CSA) & (CRA)
  • §ETSI TR 103 331 V2.1.1 (Threat Sharing)

From the TLCTC Blog

Latest insights, analyses, and discussions on the TLCTC framework and its applications.

May 09, 2025

System Risk vs. Data Risk Events

Understanding the TLCTC perspective on how system compromises lead to data breaches...


May 04, 2025

Visualizing Threats with TLCTC Radars

An innovative approach to communicate and prioritize diverse cyber threats...


May 04, 2025

MFA Bypass: Evolving Attacks

Examining MFA bypass techniques and attack paths through the TLCTC framework...


Join the TLCTC Discussion

Explore, critique, and contribute. The TLCTC framework is an evolving standard. Your insights are valuable.

Work in Progress: This page is being updated. For definitive information, please consult the White Paper V1.6.3.