Applying MITRE ATT&CK for Cyber Resilience: A Lessons-Learned Approach

Sign up for this talk here, or for ALL sessions of the ISSA International Cyber Resilience Awareness Day Virtual Summit here: https://issa.brighttalk.com/summit/7595/ Major cyber incidents expose gaps in critical asset protection, raising the question: how can MITRE ATT&CK help strengthen cyber resilience? This presentation explores how MITRE ATT&CK reveals lessons learned from real-world incidents - starting from Groups, through TTPs and Mitigations, to the intersection with cyber resilience via the MITRE Cyber Resiliency Engineering Framework (CREF). It demonstrates how ATT&CK with the CREF Navigator can help organizations shift from reactive threat tracking to proactive, resilience-oriented planning. By analyzing cyber incidents and IT disruptions, we underscore how MITRE ATT&CK can serve not only as a threat-tracking tool but also as a valuable reference for strengthening cyber resilience against both evolving adversaries and technological disruptions. Featuring: Lorenzo Vacca, Cybersecurity Manager, RSM Italy (https://www.linkedin.com/in/lorenzo-vacca/)