victoriaalicex/Emerging-TI-IR-Framework

GitHub: victoriaalicex/Emerging-TI-IR-Framework

Stars: 0 | Forks: 0

# Emerging-TI-IR-Framework

Incident response playbook and threat intelligence research covering emerging AI security threats, mapped to MITRE ATT&CK and NIST frameworks.

A formal incident response playbook addressing emerging and converging cybersecurity threats relevant to high-security operational environments. Developed as part of an independent research portfolio in preparation for a role in cyber defense.

## Overview

This document takes a threat triad approach — treating three emerging attack categories as interconnected rather than isolated, reflecting how adversaries actually operate in practice. The playbook covers detection, containment, eradication, recovery, and post-incident documentation.

## Threat Categories Addressed

- **Autonomous system exploitation** — emerging attack surfaces created by AI-driven automation in enterprise and government environments
- **Persistent access via background processes** — low-visibility privilege escalation through continuously operating automated systems
- **Long-horizon cryptographic risk** — nation-state collection strategies targeting conventionally encrypted communications for future decryption

## Document Structure

The playbook follows the NIST SP 800-61 incident response lifecycle and includes:

- Executive summary and threat overview
- MITRE ATT&CK technique mapping
- Detection indicators by severity
- Five-phase response playbook
- Notification and escalation chain
- Preventive controls aligned to NIST SP 800-53
- Modern threat addendum covering active 2025–2026 incidents
- Full references and framework citations

## Frameworks Referenced

- NIST SP 800-61 Rev 2
- NIST SP 800-53 Rev 5
- NIST FIPS 203/204/205 (2024 Post-Quantum Standards)
- NSA CNSA 2.0
- MITRE ATT&CK
- OWASP LLM Top 10 (2025)
- DoD Zero Trust Strategy
- CISA AI Security Guidelines

## Portfolio Context

This is the third in a series of independent cybersecurity projects covering cloud infrastructure, application security, and threat intelligence and response.

| Project | Focus |
|---|---|
| Project 1 | Cloud infrastructure architecture and network segmentation |
| Project 2 | Secure web application development with API security controls |
| Project 3 | Threat intelligence research and incident response documentation |

## Document Access

The full playbook is available upon request. Please reach out directly for access.

## Author

**Victoria N** — Cyber Analyst

GitHub: [victoriaalicex](https://github.com/victoriaalicex)