The MITRE ATT&CK framework is a tool used by many cybersecurity teams to help analyze adversarial attacks and techniques. By tracking adversary methods and styles of attack, organizations gain the ability to understand their cyber risk landscape from the threat actor’s perspective.
It’s a common misconception about quantitative risk analysis that not “enough” data or“bad” data means bad calibration. That’s not true in a couple of ways. First, one always has “enough” data to conduct an analysis and second, with calibrated estimation, we’re not dependent on the amount of data we bring to the table.