LOGBOOK

HELP

Quiz Entry - updated: 2026.06.23

In step 6 you "determine current and desired-state measures." How does referencing MITRE mitigation IDs (e.g. M1030, M1032) strengthen this step?

Listing concrete, catalogued mitigations — like network segmentation (M1030) or multi-factor authentication (M1032) — turns vague intentions into specific, traceable controls mapped to the threats they counter.

Example improvements from the worked exercise include segmenting the main protect-surfaces holding high-value assets (M1030), user access management with multi-factor authentication and single sign-on (M1032/M1036/M1015/M1018), deploying Extended Detection and Response (XDR) with active monitoring across cloud/OT/servers (M1042/M1049/M1050/M1053/M1056), and a cybersecurity incident-response plan. WHY use IDs: they tie each control back to the specific ATT&CK techniques it blocks, so you can show the board exactly which attacker behaviours each euro of investment defeats — defensible, gap-driven prioritization rather than a shopping list.

From Quiz: ISM / Threat & Impact Modelling | Updated: Jun 23, 2026