Chapter 3. The CTEM Framework

CTEM operates through a sequence of five interconnected phases designed to systematically manage and mitigate risks associated with cyber threats. The CTEM process begins with identifying and assessing vulnerabilities and builds toward prioritization and mitigation strategies optimized for the organization and its threats.

The CTEM phases create a dynamic, iterative process that addresses current security threats and prepares for potential future vulnerabilities. In this chapter, we will discuss the phases of the CTEM framework. We will also examine the CTEM technology stack and look at the technologies that are used for each phase of work.

Understanding the Five Phases of CTEM

Each CTEM phase serves a specific function:

Scoping: Building the scope and defining context

Discovery: Discovering potential threats

Prioritization: Prioritizing risks

Validation: Validating risks

Mobilization: Mobilizing for mitigation

Let’s take a look at each phase in turn.

Scoping

The scoping phase lays the groundwork for the entire threat exposure management initiative, setting out clear objectives and engaging key stakeholders to ensure that the organization’s threat exposure management efforts are well-defined, strategically aligned, and poised for success.

In this phase, organizations identify and define the scope of their CTEM initiative, including which assets, systems, and environments will be included in their overall assessment and mitigation efforts ...

Get Moving from Vulnerability Management to Exposure Management now with the O’Reilly learning platform.
