Introducing the Common Attack Process Framework for Incident Mapping

Abstract

The paper presents a new framework that allows both educators and operational personnel to better overlay incidents into a simplified framework. While other attack frameworks exist, they either lack simplicity or are too focused on specific types of attacks. Therefore, the authors have attempted to define a framework that can be used broadly across both physical and cyber incidents. Furthermore, the paper provides several high-profile examples wherein it is shown how this new framework more accurately represents the adversary's actions. Lastly, the framework allows room for expansion in that, within each stage, a plethora of questions can be addressed, giving greater specificity into how that stage was carried out.