This guy gets it. Your first question should be around your threat model. Are you protecting against random scans and script kiddies or the various APTs?
Maybe then look at the MITRE ATT&CK framework, Cyber Kill Chain etc.
I really hate to suggest them as it appears they have deviated in weird ways from their original goal of protecting critical infrastructure from cybersecurity attacks, but CISA has many relevant documents.