Skip to content
/ cybersecurity-models Public

A collection of models for organizing, prioritizing, and understanding cybersecurity and information risk management concepts.

kwm.me/posts/cybersecurity-models/
20 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

keithmccammon/cybersecurity-models

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
README.md
README.md
 
 

Repository files navigation

Cybersecurity models

A collection of models for organizing, prioritizing, and understanding cybersecurity and information risk management concepts.

Functional models

Cybersecurity Framework (CSF) by the National Institute of Standards and Technology (NIST), U.S. Department of Commerce

Cyber Defense Matrix by Sounil Yu

Intrusion and/or adversary analysis models

ATLAS by the MITRE Corporation

ATT&CK by the MITRE Corporation

Cyber Kill Chain by Lockheed Martin

D3FEND by the MITRE Corporation

Diamond Model by the United States Department of Defense (DoD)

GenAI Attacks Matrix

SaaS Attacks by Push Security

Maturity models

Consumer Authentication Strength Maturity Model (CASMM) by Daniel Meissler

CSIRT Maturity Framework by the European Union Agency for Cybersecurity (ENISA)

Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) by the CTI-CMM team / working group

Cybersecurity Capability Maturity Model (C2M2) by the United States Department of Energy (DoE)

Cybersecurity Maturity Matrix by Keith McCammon

Cybersecurity Maturity Model Certification, by the United States Department of Defense (DoD)

Detection Engineering Maturity Model by Kyle Bailey

Essential Eight Maturity Model by the Australian Signals Directorate (ASD)

Red Team Maturity Model (RTCMM) by Brent Harrell and Garet Stroup

Security Incident Management Maturity Model, by the Open CSIRT Foundation

Zero Trust Maturity Model by the Cybersecurity & Infrastructure Security Agency (CISA)

Shared responsibility models

Artificial intelligence (AI) shared responsibility model by Microsoft

AI Security Shared Responsibility Model by Mike Privette

Shared responsibilities and shared fate on Google Cloud by Google

Shared responsibility in the cloud by Microsoft

Shared Responsibility Model by Amazon Web Services

Threat, risk, resilience and other management models

AI Risk Management Framework by the National Institute of Standards and Technology (NIST), U.S. Department of Commerce

AI Risk Repository by MIT

CERT Resilience Management Model by Carnegie Mellon University

FAIR Risk Management by the FAIR Institute

OCTAVE by Carnegie Mellon University

Risk Management Framework by the National Institute of Standards and Technology (NIST), U.S. Department of Commerce

Threat Assessment and Remediation Analysis (TARA) by the MITRE Corporation

About

A collection of models for organizing, prioritizing, and understanding cybersecurity and information risk management concepts.

kwm.me/posts/cybersecurity-models/

Topics

cybersecurity awesome-list maturity-models risk-management

Resources

Readme
Activity

Stars

20 stars

Watchers

4 watching

Forks

4 forks
Report repository