What is Tactics, Techniques, and Procedures in Cybersecurity?
A framework for describing adversary behavior at three levels. Tactics are the attacker's goals (initial access, persistence). Techniques are how they achieve those goals (phishing, scheduled tasks). Procedures are the specific implementation details. TTPs form the foundation of threat intelligence analysis.
Why Tactics, Techniques, and Procedures Matters for Your Cybersecurity Career
TTPs are the most valuable form of cybersecurity threat intelligence because attackers change them less frequently than indicators. Threat intelligence analysts map adversary TTPs to the MITRE ATT&CK framework. SOC analysts write detection rules targeting specific techniques. Incident responders use TTP analysis to determine which threat group conducted a breach.
Which Cybersecurity Roles Use Tactics, Techniques, and Procedures?
Related Cybersecurity Terms
Related Cybersecurity Certifications
Frequently Asked Questions
What does Tactics, Techniques, and Procedures mean in cybersecurity?
A framework for describing adversary behavior at three levels. Tactics are the attacker's goals (initial access, persistence). Techniques are how they achieve those goals (phishing, scheduled tasks). Procedures are the specific implementation details. TTPs form the foundation of threat intelligence analysis.
Why is Tactics, Techniques, and Procedures important in cybersecurity?
TTPs are the most valuable form of cybersecurity threat intelligence because attackers change them less frequently than indicators. Threat intelligence analysts map adversary TTPs to the MITRE ATT&CK framework. SOC analysts write detection rules targeting specific techniques. Incident responders use TTP analysis to determine which threat group conducted a breach.
Which cybersecurity roles work with Tactics, Techniques, and Procedures?
Cybersecurity professionals who regularly work with Tactics, Techniques, and Procedures include Threat Intelligence Analyst, SOC Analyst, Incident Responder. These roles apply Tactics, Techniques, and Procedures knowledge within the Defensive Security domain.
Sources
Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.
Related Resources
Related Cybersecurity Career Guides
Related Cybersecurity Certifications
Get cybersecurity career insights delivered weekly
Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.
Get Cybersecurity Career Intelligence
Weekly insights on threats, job trends, and career growth.
Unsubscribe anytime. More options