# Threat Mitigation
[[Threat Mitigation]] is a top-level [[Cybersecurity]] capability that supports business capabilities by mitigating threats when a business capability struggles to reach its target adversary resilience level. These capabilities may be used in lieu of, or in addition to, built-in or native security features, reducing the impact of a threat.
## Map
``` mermaid <!-- element style="width:90%; height:auto" -->
graph TD
Top[[Cybersecurity]] --- C[[Threat Mitigation]]
C --- C.1[[Allow Listing]]
C --- C.2[[Challenge Management]]
C --- C.3[[Deny Listing]]
C --- C.4[[Deception Management]]
%% Class Definitions
%% =====================
class Top,A,A.1,A.2,A.3,A.4,A.5,A.6,B,B.1,B.2,B.3,B.4,B.5,C,C.1,C.2,C.3,C.4,D,D.1,D.2,D.3,D.4,D.5,E,E.1,E.2,E.3,E.4,E.5,E.6 internal-link,font-color:white;
class Top cssClassL0;
classDef cssClassL0 fill:black,stroke:black,stroke-width:4px,font-size:15px,font-color:white;
class A,B,C,D,E cssClassL1;
classDef cssClassL1 fill:darkblue,stroke:darkblue,stroke-width:4px,font-size:15px,font-color:white;
class A.1,A.3,A.4,A.5,A.6,B.1,B.2,B.3,B.4,B.5,C.1,C.2,C.3,C.4,D.1,D.2,D.3,D.4,D.5,E.1,E.2,E.3,E.4,E.5,E.6 cssClassL2;
classDef cssClassL2 fill:blue,stroke:blue,stroke-width:4px,font-size:15px,font-color:white;
class C cssClassCurrent;
classDef cssClassCurrent fill:#2f9503,stroke:#2f9503,stroke-width:4px,font-size:15px,font-color:white;
```
## Definition
> [!cm-definition] Definition
> Threat mitigation comprises the capabilities implemented to mitigate the weaknesses inherent in other assets when no other alternative is available or when security features cannot be completed in time for a release.
## Goals
>[!cm-goal] Goal 1
>**Broad-level mitigations** - Threat mitigation is available to limit threats where security defenses are unavailable for an asset.
>[!cm-goal] Goal 2
>**Secondary controls** - The best defenses are built into the targeted assets themselves, which makes them resilient by design. Threat mitigation is leveraged as a backup when needed.
>[!cm-goal] Goal 3
>**Included in TCO during Procurement** - All threat mitigations should be included in the total cost of ownership assessment when evaluating new suppliers and renewals with existing suppliers, so that security features and mitigations are part of the total cost evaluation.
## Scope
The scope of Threat Mitigation covers all assets that are not yet secure enough to operate without additional mitigations to achieve the level of risk reduction defined by defensive thresholds.
>[!cm-notscope] Example of what's not included
>For example, this map does not include protections that should be natively built-in as security features for other capabilities, such as "Identity and Access Management" and "Password Encryption". In this case, encryption is best implemented within the supporting technology for Identity and Access Management so that passwords are protected from inception through retirement.
## Process
```mermaid
flowchart LR
A1[Standards <br /> as Input] --> B[1. Implement <br /> Denies]
A2[Thresholds <br /> as Input] --> B
B -.-> F
A1 --> C[2. Implement <br /> Challenges]
A2 --> C
B ~~~ C
C -.-> F
A1 --> D[3. Implement <br /> Allows]
A2 --> D
C ~~~ D
D -.-> F
A1 --> E[4. Implement <br /> Deceptions]
A2 --> E
D ~~~ E
E -.-> F[Send output to Security Data Lake]
F --> Stakeholders
```
## Metrics
>[!cm-metric] Metric: Challenged vs. Total Traffic
>[!cm-metric] Metric: Blocked vs. Total Mitigated Traffic
>[!cm-metric] Metric: % Incidents with Mitigations vs. Total Incidents
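The process flowchart above lists four implementation steps (denies, challenges, allows, deceptions) whose output is sent to a security data lake, and the metrics above are ratios over that output. The following Python is an added example, not code from the Cyber City Map page or from ThirdScore: it walks constructed requests through the four steps in the order the page lists them, emits one decision event per request as the data-lake output, and computes the three metrics over those events and over constructed incident records. The deny and allow networks, the rate threshold driving challenges, the decoy paths, and the reading of "mitigated" as any non-pass decision and "blocked" as a deny are all assumptions made for this example.

```python
"""Added example, not part of the Cyber City Map page: a toy threat-mitigation
pipeline that applies the four process steps in the order the page lists them
(deny, challenge, allow, deception), emits one decision event per request as
the "output to the security data lake", and computes the page's three metrics.
All list contents, thresholds and decoy paths are constructed placeholders."""
from __future__ import annotations

import ipaddress
import json
from collections import Counter
from dataclasses import dataclass

# --- Constructed policy inputs (the page's "Standards" and "Thresholds") ---
DENY_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]    # assumed deny list
ALLOW_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed allow list
CHALLENGE_RATE_THRESHOLD = 60   # requests per minute; assumed threshold
DECOY_PATHS = {"/admin-old", "/backup.zip"}  # assumed deception endpoints


@dataclass(frozen=True)
class Request:
    src_ip: str
    path: str
    requests_last_minute: int  # assumed rate signal that drives the challenge step


def _in_any(ip: str, networks) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def mitigate(req: Request) -> dict:
    """Apply steps 1-4; the first step that matches decides the request.
    Returns a flat event dict, one per request, for the data-lake sink."""
    if _in_any(req.src_ip, DENY_NETWORKS):
        step, decision = 1, "deny"
    elif req.requests_last_minute > CHALLENGE_RATE_THRESHOLD:
        step, decision = 2, "challenge"
    elif _in_any(req.src_ip, ALLOW_NETWORKS):
        step, decision = 3, "allow"
    elif req.path in DECOY_PATHS:
        step, decision = 4, "deceive"
    else:
        step, decision = 0, "pass"  # no mitigation applied
    return {"src_ip": req.src_ip, "path": req.path,
            "step": step, "decision": decision}


def traffic_metrics(events: list[dict]) -> dict:
    """Metrics 1 and 2. This example reads "mitigated" as any non-pass
    decision and "blocked" as a deny; both are assumptions."""
    counts = Counter(e["decision"] for e in events)
    total = len(events)
    mitigated = total - counts["pass"]
    return {
        "challenged_vs_total": counts["challenge"] / total if total else 0.0,
        "blocked_vs_mitigated": counts["deny"] / mitigated if mitigated else 0.0,
    }


def incident_metric(incidents: list[dict]) -> float:
    """Metric 3: percentage of incidents with at least one mitigation applied."""
    if not incidents:
        return 0.0
    with_mitigation = sum(1 for inc in incidents if inc["mitigations"])
    return 100.0 * with_mitigation / len(incidents)


# Constructed sample traffic: one request per step plus an unmitigated one.
SAMPLE_REQUESTS = [
    Request("203.0.113.7", "/login", 3),            # deny-listed network
    Request("192.0.2.10", "/search", 120),          # bursty source -> challenged
    Request("198.51.100.5", "/api/v1/orders", 2),   # allow-listed partner range
    Request("192.0.2.44", "/backup.zip", 1),        # touches a decoy path
    Request("192.0.2.45", "/index.html", 1),        # ordinary request, passes
]

# Constructed incident records listing the mitigations applied to each.
SAMPLE_INCIDENTS = [
    {"id": "INC-1", "mitigations": ["deny"]},
    {"id": "INC-2", "mitigations": ["challenge", "deceive"]},
    {"id": "INC-3", "mitigations": []},
    {"id": "INC-4", "mitigations": ["allow"]},
]


def run() -> dict:
    """Evaluate the sample traffic and return all three metrics."""
    events = [mitigate(r) for r in SAMPLE_REQUESTS]
    result = traffic_metrics(events)
    result["incidents_with_mitigation_pct"] = incident_metric(SAMPLE_INCIDENTS)
    result["events"] = events
    return result


if __name__ == "__main__":
    out = run()
    for event in out["events"]:
        print(json.dumps(event))  # one JSON line per event, as a data lake ingests
    print({k: v for k, v in out.items() if k != "events"})
```

Because the deny step is evaluated first, a deny-listed source is never offered a challenge, and because challenges precede allows in the page's ordering, a bursty allow-listed source is still challenged; if a deployment intends allow-listed partners to bypass challenges, the allow step must be moved ahead of the challenge step.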
## Inspiration & Resources
+ https://www.cisa.gov/topics/physical-security/insider-threat-mitigation
## Release Notes
+ [[Q4 2023 Release#Document L1 for Threat Mitigation]]
##
[Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.