Aligning to frameworks such as the NIST Cybersecurity Framework and/or ISO 27001 is a sound approach for building or maturing a cybersecurity program. Yet a major gap remains: a structured way to identify current cyber threats and evaluate whether deployed controls will suffice to defend against them. The MITRE ATT&CKⓇ Framework complements the common programmatic frameworks in order to better determine the effectiveness of your security capabilities.
