Introtake #002
Bow-Tie! April 2025
The Bow tie article on Wikipedia revealed an interesting origin story: Croatian mercenaries?! Well, bow-ties do remind me of Bond. James Bond, the secret agent with a license to kill... The article also has the quote:
The bow tie hints at intellectualism, real or feigned, and sometimes suggests technical acumen, perhaps because it is so hard to tie".
Warren St John (The New York Times, 2005)
And I found that to be quite suitable because what I really want to talk about is a Wikipedia "disambiguation", the Bow-tie diagram. I want to use this tool to build actual technical acumen, to help "kill" both uncertainty and inactivity. And to make it easier to answer the question "What can we do to anticipate and better handle Information Security Events?"
I've dabbled with bow-tie diagrams for some time and the iteration I am currently operating is quite well suited for use with cyber-attacks. To help me find standard terms that are freely available I looked at
- the EU Risk Management Toolbox, this provides mappings for Terms, Assets, Threats and Risk-Impact Levels.
- the controls from ISO27001/2. I find that the use of this ISO standard helps me map out my controls against other frameworks. (See Introtake 1 - Taxonomy…)
Finally, I placed the tactics found in The Unified Kill Chain (UKC) into a fishbone diagram. The UKC threat modeling design was created to raise “resilience against advanced cyber-attacks”. It is recognizable to most as it “extends and combines existing models, such as Lockheed Martin's Cyber Kill Chain® and MITRE's ATT&CK™.
