Defense - Resources
Defense Frameworks
- MITRE D3FEND: a knowledge graph of cybersecurity countermeasures.
- NIST Cybersecurity Framework 2.0
Guides and best practices
Too many to list.
CISA
- NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations: discussed in the lectures.
- #StopRansomware Guide: one-stop resource with best practices and ways to prevent, protect against, and respond to a ransomware attack.
CISA Exercises (pentesting / red team)
- CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks: list of mitigations suggested after an extremely interesting penetration exercise by CISA on a large critical infrastructure organization, with detailed attack steps (mapped to ATT&CK). Very worth reading: one can understand the depth, length and sophistication of such attacks.
- Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization: also very worth reading. Detailed examples of AD attack paths.
- CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization: also very worth reading. Concrete and focused examples. July 2025.
Italy
- Misure minime di sicurezza ICT per le pubbliche amministrazioni: a practical reference for assessing and improving the level of IT security of public administrations, in order to counter the most frequent cyber threats (also known as the "misure minime AgID").
Major incidents: suggested mitigations
Many alerts and threat reports include a final list of suggested mitigations. These lists do not reference any standard or any systematic framework (a complete mess). Just a couple of examples: