CompTIA CySA+ (CS0-003) — Question 464

A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their security controls around?

Answer options

• A. OSSTMM
• B. Diamond Model of Intrusion Analysis
• C. OWASP
• D. MITRE ATT&CK

Correct answer: D

Explanation

The MITRE ATT&CK framework is specifically designed to provide a comprehensive overview of various tactics and techniques used by attackers, making it ideal for mapping attack vectors. The other options, while valuable in their own right, do not offer the same level of detailed insights into adversary behavior and attack patterns as MITRE ATT&CK.