SWVHSC: Mapping MITRE ATT&CK to PCI DSS - Jeff Man - ESW #193
b'
MITRE ATT&CK seems to be the \\u201cnext big thing\\u201d. Every time I hear about it I can\\u2019t help but wonder, \\u201chow do you prevent all these attacks in the first place? Shouldn\\u2019t that be the end game?\\u201d To that end, I set out to map all the recommended \\u201cMitigations\\u201d for all the \\u201cTechniques\\u201d detailed in ATT&CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I\\u2019m still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results.
\\xa0
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw193
'