THR
Threat Management
13 controls
Proactively identify and assess technology-related threats, to both assets and business processes, to determine the applicable risk and necessary corrective action.
| SCF # | Control Name | Weight |
|---|---|---|
| THR-01 | Threat Intelligence Program | 8 — High |
| THR-02 | Indicators of Exposure (IOE) | 8 — High |
| THR-03 | Threat Intelligence Feeds | 8 — High |
| THR-03.1 | Threat Intelligence Reporting | 8 — High |
| THR-04 | Insider Threat Program | 8 — High |
| THR-05 | Insider Threat Awareness | 8 — High |
| THR-06 | Vulnerability Disclosure Program (VDP) | 8 — High |
| THR-06.1 | Security Disclosure Contact Information | 1 — Low |
| THR-07 | Threat Hunting | 4 — Medium |
| THR-08 | Tainting | 1 — Low |
| THR-09 | Threat Catalog | 5 — Medium |
| THR-10 | Threat Analysis | 7 — High |
| THR-11 | Behavioral Baselining | 5 — Medium |
The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.