$1\mathrm{.}1$ Version History

Instructions for completing this template are given in red. Follow the instructions and then delete the red text. For $1\mathrm{.}1$ Version History, update the version history table for the data you are adding changes and delete the red text.

Version Change Date Changes and Description Editor Approval Date Approver

$1\mathrm{.}07/8/2022$ Initial Template Creation Steven Maestas $7/8/2022$ SMM

$1\mathrm{.}2$ Distribution

For this section, write a short $3-4$ of who should have access to this threat assessment

$$

$2$ Introduction

Write a short introduction to what this document describes, i$,$e$,$ annual MITRE ATT&CK threat assessment.

$2\mathrm{.}1$ Purpose

Explain why this document is being written in $3-4$ sentences

$2\mathrm{.}2$ Definitions

Include any definition for acronyms or terms that are needed to understand the rest of the document. Things like EDR, SOC, IR$,$ SIEM, SOAR, etc. should be defined here.

$$ MITRE ATT&CK

$$ Threat Assessment

$$ Threat Actor

$$ TTPs

$$ Tactics

$$ Techniques

$$ Procedures

$$ Etc.

$3$ Threat Assessment

$3\mathrm{.}1$ Threat Actors

Give a brief introduction paragraph about the threat actors. List the threat actors and give a summary of each. Explain which threat actors pose the greatest risk to Bellevue Bank and Trust.

$3\mathrm{.}2$ Tools

Give a brief introduction paragraph to the tools commonly used by the threat actors. List the tools and give a summary of each. Explain which TTPs are used by each tool.

$4$ Top MITRE ATT&CK

Write of a brief description of purpose of establishing an SLA, $3-5$ sentences.

$4\mathrm{.}1$ Ransomware

List and summarize the MITRE Top $10$ Techniques used in ransomware.

$4\mathrm{.}2$ Organizational TTPs

List and summarize the MITRE Top $10$ Techniques that are most likely to affect Bellevue Bank and Trust given the data we input into the MITRE Top $10$ calculator.

$5$ MITRE Sightings Report

A brief description of the MITRE Sightings Report.

$5\mathrm{.}1$ Most Observed Techniques

List and summarize the $15$ most observed techniques from the MITRE Sightings Report.

$6$ DeTT&CT

Summarize the purpose and use of the DeTT&CT project$/$editors

$6\mathrm{.}1$ DeTT&CT Process and Results

Summarize the process you used to generate the DeTT&CT YAML. Summarize the detection coverages based on the colored matrix you uploaded to the Navigator $($Dett&CT$.$json$).$

$7$ Mitigations

Summarize the process of adding mitigations to the MITRE ATT&CK Navigator and how Navigator maps the mitigations to techniques.

$7\mathrm{.}1$ Mitigation Results

List and briefly summarize the techniques that are mitigated based on the controls.

$8$ Gap Analysis

Summarize the steps you took to generate the Gap Analysis based on the five layers you added to attack navigator.

$8\mathrm{.}1$ Gap Analysis Results

Summarize the findings of the Gap Analysis results based on the last $($computed$)$ layer you generated. Which techniques should be concerned about based on the scoring? Which ones have the list visibility and mitigations?