Risk Based Threat Assessment

Improve protection against the five MITRE ATT&CK Types

As cyberthreats continue to evolve and become more sophisticated, you require a comprehensive look at how to enhance your protection against the five MITRE ATT&CK Types listed in Center for Internet Security’s Community Defense Model. The HALOCK Risk-Based Threat Assessment, using HALOCK’s Duty of Care Risk Analysis (DoCRA) methodology, combines security guidance from Center for Internet Security, Inc. (CIS®), MITRE, The National Institute of Standards and Technology (NIST), and the VERIS Community Database (VCDB) to provide this unique offering.

With the Risk-Based Threat Assessment, organizations can prioritize security controls to enhance or implement using the best threat data the cybersecurity community offers. This results in budget and resource efficiencies by addressing the security areas of highest concern and in order of importance, to increase your resilience to cyber attacks.

The Five MITRE ATT&CK Types:

  • Ransomware attack
  • Malware attack
  • Insider Abuse attack
  • Web App attack
  • Persistent External attack


The Methodology and Deliverables

This DoCRA based threat assessment includes interviews with your organization’s personnel using the CIS Critical Security Controls (CIS Controls) to understand how your security is currently deployed.

A risk register will be created and each applicable CIS control scored.


Using the scores generated from the risk register, a heat map will be created for each attack type identifying the vulnerabilities that impose the greatest threat to your organization.


Analysis and recommendations are provided at each stage to give you the priority road map to improve your risk posture.


The Risk-Based Threat Assessment can be a one-time project or an annual program to continually model threats. You can choose 1 or up to all 5 attack types for the assessment. Clients can use a previously completed risk register or initiate a new one.



Prioritize Remediation Using What Matters Most To You:

  • Maturity of security controls and NIST CSF Security Functions
  • Risks associated with security controls
  • MITRE ATT&CK Types
  • Your roadmap from current risks to ‘reasonable’ controls



Why Choose HALOCK?

As authors of the DoCRA Standard and developers of CIS RAM, HALOCK has specialized insight to guide you through a risk method to establish reasonable and appropriate security. Risk expertise like no other.

HALOCK, a trusted risk management and cybersecurity consulting company headquartered in Schaumburg, IL, near Chicago, advises clients on reasonable security throughout the US.

Contact Us