-
Notifications
You must be signed in to change notification settings - Fork 181
/
tiber-eu-2018.yaml
484 lines (483 loc) · 23.7 KB
/
tiber-eu-2018.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
urn: urn:intuitem:risk:library:tiber-eu-2018
locale: en
ref_id: TIBER-EU-2018
name: TIBER-EU FRAMEWORK
description: 'How to implement the European framework for Threat Intelligence-based
Ethical Red Teaming
https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html'
copyright: "Copyright \xA9 for the entire content of this website: European Central\
\ Bank, Frankfurt am Main, Germany.\n\nSubject to the exception below, users of\
\ this website may make free use of the information obtained directly from it subject\
\ to the following conditions:\n\n When such information is distributed or reproduced,\
\ it must appear accurately and the ECB must be cited as the source.\n Where\
\ the information is incorporated in documents that are sold (regardless of the\
\ medium), the natural or legal person publishing the information must inform buyers,\
\ both before they pay any subscription or fee and each time they access the information\
\ taken from this website, that the information may be obtained free of charge through\
\ this website.\n If the information is modified by the user (e.g. by seasonal\
\ adjustment of statistical data or calculation of growth rates) this must be stated\
\ explicitly.\n When linking to this website from business sites or for promotional\
\ purposes, this website must load into the browser's entire window (i.e. it must\
\ not appear within another website's frame).\n\nAs an exception to the above, any\
\ reproduction, publication or reprint, in whole or in part, of documents that bear\
\ the name of their authors, such as ECB Working Papers and ECB Occasional Papers,\
\ in the form of a different publication (whether printed or produced electronically)\
\ is permitted only with the explicit prior written authorisation of the ECB or\
\ the authors."
version: 1
provider: ECB
packager: intuitem
objects:
framework:
urn: urn:intuitem:risk:framework:tiber-eu-2018
ref_id: TIBER-EU-2018
name: TIBER-EU FRAMEWORK
description: How to implement the European framework for Threat Intelligence-based
Ethical Red Teaming
requirement_nodes:
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
assessable: false
depth: 1
name: 'Adoption and implementation '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node3
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: 'The TIBER-EU framework is adopted and implemented by each jurisdiction
in the EU. (optional) '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node4
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: If a jurisdiction decides to implement a TIBER-XX framework, then
the framework is formally adopted by an authority, and the TIBER-EU Knowledge
Centre is informed.
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node5
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: 'The jurisdiction adopts the TIBER-XX framework as a supervisory
or oversight tool, as a catalyst, or for the purposes of financial stability. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node6
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: 'On adoption, the core documentation of the national TIBER-XX framework
is published, and the sector is informed. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node7
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: "The jurisdiction determines which entities should undertake a\
\ test \u2013 either on a voluntary or mandatory basis. "
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node8
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: 'The jurisdiction conducts a legal analysis of its TIBER-XX framework
to ensure it complies with national laws and regulations. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node9
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: 'The jurisdiction puts in place appropriate governance structures
and allocates adequate resources to implement the TIBER-XX framework. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node10
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: 'The jurisdiction has a centralised TIBER Cyber Team (TCT) to manage
the programme, oversee the tests and liaise with the TIBER-EU Knowledge Centre. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node11
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: 'In case of cross-border entities, the test is initiated and driven
by the lead authority. If another relevant authority seeks to initiate and
lead the test, the lead authority must agree to it. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node12
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: In case of cross-border entities, the test is conducted jointly
between the lead authority and other relevant authorities. (optional)
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node13
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node2
description: 'The TIBER-EU test is conducted by independent third-party providers,
i.e. external threat intelligence (TI) and red team (RT) providers. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
assessable: false
depth: 1
name: 'Preparation phase '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node15
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'For each test, there is a White Team (WT), independent TCT (and
Test Manager), and external TI/RT providers. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node16
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'The national intelligence agency/national cyber security centre/high-tech
crime unit is involved in each test. (optional) '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node17
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'Once the procurement process has been completed, there are appropriate
contracts in place between the different stakeholders, with relevant controls
embedded into the contracts, to facilitate a controlled test (in a discreet
manner). '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node18
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'Prior to conducting the test, the WT conducts a risk assessment
and then puts in place all the necessary risk management controls, processes
and procedures to facilitate a controlled test. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node19
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'Throughout the end-to-end test process, in all documentation and
communication between stakeholders a code name is used to conceal the identity
of the entity being tested. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node20
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'At the outset of the test process, there is a launch meeting which
includes the WT and TCT. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node21
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: The launch meeting also includes other relevant authorities and
the TI/RT providers. (optional)
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node22
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'The scope of the test includes critical functions (CFs), as well
as the people, processes, and technology and databases that support the delivery
of CFs. This is documented in the TIBEREU Scope Specification document and
signed off in the attestation by the board. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node23
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: The entity expands the scope of the test beyond the CFs and includes
other functions and processes. (optional)
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node24
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: "During the scoping phase, the WT (with agreement from the TCT),\
\ sets \u201Cflags\u201D, which are targets or objectives, that the RT provider\
\ aims to meet during the test. "
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node25
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'The test is conducted on live production systems. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node26
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: "Only the WT and TCT are informed about the test, its details and\
\ the timings \u2013 all other staff members (i.e. Blue Team, BT) remain unaware\
\ of the test. "
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node27
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node14
description: 'Only TI/RT providers that meet the minimum requirements set out
in the TIBER-EU Services Procurement Guidelines can undertake the TIBER-EU
test. The TI/RT providers will be TIBEREU-certified and accredited once the
EU has these capabilities in place. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
assessable: false
depth: 1
name: 'Threat intelligence and red team testing phase '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node29
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: 'For each test, an external TI provider produces a dedicated Targeted
Threat Intelligence Report (TTI Report) on the entity being tested. Where
infrastructure has been outsourced and a third party is included in the scope
of the test, the TTI Report also includes information about that third party. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node30
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: "For each national implementation, a Generic Threat Landscape Report\
\ (GTL Report) for the country\u2019s financial sector is produced and maintained,\
\ and is used to help inform the TTI Report. (optional)"
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node31
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: For each threat intelligence report (TTI and GTL), the national
intelligence agency/national cyber security centre/high-tech crime unit is
involved to provide feedback. (optional)
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node32
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: For each TTI Report on the entity, the TI provider sets out multiple
threat scenarios which can be used by the RT provider.
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node33
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: The TI provider holds a handover session with the RT provider,
providing the basis for the threat scenarios.
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node34
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: Following the handover, the TI provider continues to be engaged
during the testing phase and provides additional up-to-date, credible threat
intelligence to the RT provider, where needed. (optional)
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node35
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: 'The RT provider develops multiple attack scenarios, based on the
TTI Report. This is documented in the Red Team Test Plan and shared with the
WT and TCT. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node36
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: The jurisdiction, in its implementation of the TIBER framework,
allows physical red teaming in the scope of the methodology for the TIBER
test (e.g. planting a device at the entity), provided all necessary precautions
are taken. (optional)
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node37
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: "The RT provider executes the attack based on the scenarios (with\
\ some flexibility) in the Red Team Test Plan and goes through each of the\
\ phases of the kill chain methodology. Where needed, a \u201Cleg-up\u201D\
\ will be provided by the entity. "
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node38
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: "During the test, the RT provider keeps the WT and TCT informed\
\ about progress, \u201Ccapture the flag\u201D moments, the possible need\
\ for leg-ups, etc. The RT provider takes a stage-by-stage approach and consults\
\ the WT and TCT at all critical points to ensure a controlled test. "
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node39
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node28
description: "The duration of the red team test is proportionate to the scope,\
\ size of the entity, complexity of threat scenarios, etc. Sufficient time\
\ is allocated to testing to guarantee that a comprehensive test has been\
\ conducted across the enterprise. Experience suggests that a period of at\
\ least 10\u201312 weeks is required. "
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
assessable: false
depth: 1
name: Closure phase
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node41
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: 'At the end of the test, the RT provider produces a Red Team Test
Report, outlining the findings from the test. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node42
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: "The entity\u2019s BT is informed of the test and uses the Red\
\ Team Test Report to deliver its own Blue Team Report. In the Blue Team Report,\
\ the BT maps its actions alongside the RT provider\u2019s Team actions. "
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node43
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: 'At the end of the test, the RT provider, the BT and the WT conduct
an interactive replay of the test, where possible using live production systems,
to review the impact of the actions of the RT provider. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node44
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: The TCT, supervisors/overseers and TI provider are also present
during these replay workshops. (optional)
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node45
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: A purple teaming element is added in which the BT and the RT provider
can work together to see which other steps could have been taken by the RT
provider and how the BT could have responded to those steps. (optional)
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node46
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: 'At the end of the test, there is a 360-degree feedback meeting
which includes the entity, TI/RT providers and TCT. In this meeting, the parties
review the TIBER-EU test process and give feedback. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node47
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: 'After the BT and RT provider replay and 360-degree feedback workshop,
the entity produces a Remediation Plan to address the findings. The Remediation
Plan is agreed with the supervisor and/or overseer as part of their planning
and control cycle. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node48
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: 'The entity produces a Test Summary Report, which it shares with
the lead authority. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node49
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: "The entity\u2019s board and the TI/RT providers sign an attestation\
\ to validate the true and fair conduct of the TIBER-EU test (to enable recognition\
\ by other relevant authorities). "
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node50
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: 'If mutually agreed, the lead authority and/or the entity share
the Test Summary Report and attestation with other relevant authorities (where
applicable). '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node51
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: 'The TCT in each jurisdiction analyses the results of all the TIBER
tests and the lessons learned from the 360-degree feedback meetings to produce
high-level, aggregated findings. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node52
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node40
description: 'This information is used to enhance sector resilience and improve
the TIBER-XX framework. '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node53
assessable: false
depth: 1
name: 'Abbreviations '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node53
name: 'Term '
description: 'Explanation '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node55
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'BT '
description: 'Blue Team '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node56
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'CF '
description: 'critical function '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node57
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'GTL '
description: 'generic threat landscape '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node58
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'HUMINT '
description: 'human intelligence '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node59
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'NDA '
description: 'non-disclosure agreement '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node60
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'OSINT '
description: 'open-source intelligence '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node61
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'RACI '
description: 'Responsibility Assignment Matrix (RACI stands for Responsible,
Accountable, Consulted, Informed) '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node62
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'RT provider '
description: 'red team provider '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node63
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'TCT '
description: 'TIBER Cyber Team '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node64
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'TIBER '
description: 'threat intelligence-based ethical red teaming '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node65
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'TI provider '
description: 'threat intelligence provider '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node66
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'TKC '
description: 'TIBER-EU Knowledge Centre '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node67
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'TTI '
description: 'targeted threat intelligence '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node68
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'TTM '
description: 'Team Test Manager '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node69
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'TTP '
description: 'tactics, techniques and procedures '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node70
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'WT '
description: 'White Team '
- urn: urn:intuitem:risk:req_node:tiber-eu-2018:node71
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:tiber-eu-2018:node54
name: 'WTL '
description: 'White Team Lead '