• Executive Summary
  • Introduction
  • Objectives
  • Assumptions - Axioms
    • Why Start With Assumptions?
    • Agreement Required
    • Key Axioms
  • The Thought Experiment
  • Definitions
    • #1 Abuse of Functions
    • #2 Exploiting Server
    • #3 Exploiting Client
    • #4 Identity Theft
    • #5 Man in the Middle
    • #6 Flooding Attack
    • #7 Malware
    • #8 Physical Attack
    • #9 Social Engineering
    • #10 Supply Chain Attack
    • Clarifications
  • Bridging Strategy & Operations
    • Strategic Management Layer
    • Operational Layer
    • Cyber Risk Events & Incidents
    • Consequences
    • Integration Between Layers
  • The Anatomy of Risk
    • Cyber Bow-Tie & Risk-Management
    • Clarification on Central Event
    • KRI, KCI and KPI
    • Hierarchical Framework
  • Data Risk Event Types
  • Sequences in Clusters
    • There are NO overlappings
    • Sequences Example
  • Concept Applicability
    • At Interface Level (API)
    • At Function Call Level
    • Vertical Stack Application
  • Standardizing Strategical
    • Refinement of Clusters
  • Standardizing Operational
    • Need for Sub-Threat Structures
    • Refinement of Clusters
  • IT Systems, Assets, and TLCTC
    • The Challenge
    • Core Principles
    • Strategic vs. Operational
    • Implementation Framework
    • Conclusion
  • A. Leveraging NIST CSF
    • Control Framework
    • Application
  • B. SSDLC Integration
    • Introduction
    • Fundamental Principles
    • Phase-Specific Integration
    • Integration with NIST CSF
  • C. Secure Coding Practices
    • Mapping TLCTC to Practices
    • Reflecting on STRIDE
    • Conclusion
  • D. Threat Intel Examples
    • NSO Pegasus
    • Emotet@Heise
    • Cobalt Strike
    • Attacker profiles
  • E: Threat Intel - MITRE & STIX
    • Enhancing STIX
    • Enhancing MITRE ATT&CK
    • Conclusion
  • F: Introducing Cyber Threat Radars
    • The Current Challenge
    • Enter the Cyber Threat Radar
    • Key Benefits
    • Versatile Application
    • Understanding Visualizations
    • Standardized Notation
    • MFA Bombing Example
  • G: Critical Analysis of Frameworks
    • ISO 27001/5
    • NIST CSF
    • MITRE ATT&CK
    • MITRE CWE
    • MITRE Cyber Prep
    • STRIDE
    • OWASP
    • BSI
    • CRF-TT
    • CIS RAM
    • ENISA
    • ETSI
    • FAIR
    • Summary
  • H. Oversimplification?
  • I. Example Control Matrix
  • K: Physical Layer Analysis
  • L: Integrating PLC Architectures
  • M: Enhancing CVE Details
  • N: CVE Analysis Example
  • O: Integrating FAIR
  • P: TLCTC Practical Application
  • Q: Integrating NIST NICE Tasks
  • X. Change Log