This research proposes a risk-based framework for prioritising cybersecurity controls using the MITRE ATT&CK matrix and adversary emulation methodologies. The study aims to improve cybersecurity decision-making by integrating attacker behaviour, quantitative risk scoring, business impact, threat likelihood, and control maturity into a unified prioritisation model. The research addresses the limitations of traditional static and compliance-driven security approaches by introducing a threat-informed methodology that aligns defensive controls with real-world adversarial tactics, techniques, and procedures (TTPs). To validate the proposed framework, practical adversary emulation scenarios were conducted using MITRE Caldera within a simulated enterprise lab environment supported by Sysmon and Wazuh telemetry analysis. The study contributes to the fields of cybersecurity risk management, detection engineering, and threat-informed defence by providing a scalable and measurable approach for reducing organisational cyber risk exposure and improving strategic security control implementation.
Arslan Baig (Fri,) studied this question.