In the era of LLM, Generative AI, cybersecurity is even more important because there is more ways to leverage data and more risks of data security. Before enterprises deploy AI, what they first consider is usually AI risk. While there could be both technical threat and regulation risk, this article documents major non-company-specific technical threat and cybersecurity frameworks for general applications.
MITRE
MITRE is not an acronym, though some thought it stood for Massachusetts Institute of Technology Research and Engineering. The name is the creation of James McCormack, an early board member, who wanted a name that meant nothing, but sounded evocative.
Start from a simple attack scenario then map MITRE ATT&CK framework to it (ATT&CK stands for Adversarial Tactics (goals/what), Techniques (approaches/how) and Common Knowledge (details))
Mentioned about 14 tactics, tools (caldera, metta, ERTA, Atomic Red team)
NIST
National Institute of Standards and Technology
Draft of the NIST Cybersecurity Framework 2.0
OWASP
Open Web Application Security Project
Framework publishing soon
