01
The framework focuses on inherent impact, not just mitigating controls already in place.
Design Principles
Methodology Principles
The High Value Target methodology is impact-led, evolvable, quantifiable, community-informed, and grounded in authoritative sources.
02
It produces quantifiable labels and measures tied to the value adversaries seek in a target.
03
It is intended as an evolvable extension of sources such as NIST, MITRE, and the World Economic Forum.
High Value Target Design Principles
The methodology focuses on inherent impact , hence on these attributes that are intrinsic to the object* itself and do not depend on mitigating controls in place;
The attributes of each object are subject to change , hand in hand with major technological progress or evolution of cyber adversaries’ sophistication;
The methodology provides quantitative measures in terms of low / moderate / high value that an adversary aims to seek for and then leverage;
The methodology produces an outcome in form of a label which can be intended as a binary value about whether the object is or isn’t a High Value Target;
The methodology is an evolvable product which could be leveraged in a multitude of contexts like risk assessments, threat modeling, security operations and more;
The High Value Target objects and attributes are for the community hence feedback is encouraged and considered in order to strengthen the methodology and ensure fit-for-use;
The High Value Target methodology is an extension of authoritative publications ranging from NIST, MITRE, WEF and more. It is not meant to be a proprietary framework of its own.
* An object can be an asset (system, application), role, third party, data.