Do you know what defensive capabilities your organization has? Do you know what team is doing what to combat threats? Have you got a way of coordinating your defensive efforts?
Let me introduce you to the Courses of Action (CoA) matrix. This key strategic planning tool will allow you to assess your defensive capabilities, provide security teams with situational awareness, and enable you to coordinate defensive efforts. It provides a structured framework to help you organize your tactical and procedural responses to cyber threats.
In this article, you will see how to use the CoA matrix in the real world by mapping your defensive actions against an adversary’s actions using the Cyber Kill Chain and MITRE ATT&CK. This will enable you to assess how resilient your organization is against a cyber attack, help you answer intelligence requirements, and drive critical thinking about defensive capabilities. Let’s get started!
What is the Courses of Action Matrix?
The Courses of Action (CoA) matrix is a strategic planning tool to identify, evaluate, and prioritize defensive actions against potential threats. It provides a structured framework that security teams can use to orchestrate tactical and procedural responses based on their defensive capabilities.
