Introducing SCREATH (Supply Chain Risk Framework)

Today, I gave a talk at the SANS Threat Hunting Summit on Supply Chain Threat Hunting. I’ll publish slides later, but I wanted to post our supply chain threat hunting framework worksheet. I want to thank Brandon McCrillis (Rendition Infosec CEO) for freeing me up for the time to work on this (he also gave the green light to release this to the community).

SCREATH stands for:

Supply
Chain
Risk
Evaluation,
Analysis, and
Threat
Hunting

You can find the SCREATH score sheet v0.1 (Google Sheets) here.

The SCREATH scoresheet is free for organizations to use, though please provide attribution. We are actively requesting feedback on the framework. Are we missing questions? Do you disagree with the score weights? Let us know (screath { a t } renditioninfosec.com or tag us on Twitter). We’ll certainly be posting more on this later, but I wanted to get this out now for the talk.

Your cart
subtotal:
$0.00

This will be copy area - something to the effect of estimated ship time if applicable

CONFIDENTIAL

Rendition's advanced courses contain the latest in information security knowledge. Please contact us for more information.

This page has proprietary information in it, please contact us for more information.