| Tactic | Definition |
| --- | --- |
| Model | The model tactic is used to apply security engineering, vulnerability, threat, and risk analyses to digital systems. This is accomplished by creating and maintaining a common understanding of the systems being defended, the operations on those systems, actors using the systems, and the relationships and interactions between these elements. |
| Harden | The harden tactic is used to increase the opportunity cost of computer network exploitation. Hardening differs from Detection in that it is generally conducted before a system is online and operational. |
| Detect | The detect tactic is used to identify adversary access to or unauthorized activity on computer networks. |
| Isolate | The isolate tactic creates logical or physical barriers in a system that reduce opportunities for adversaries to create further accesses. |
| Deceive | The deceive tactic is used to advertise, entice, and allow potential attackers access to an observed or controlled environment. |
| Evict | The eviction tactic is used to remove an adversary from a computer network. |