top of page

CALL FOR SUB-STANDARDS IS OPEN

OPEN THREAT PROFILES

Intrusion Threat Profiles
Translate real adversary behavior into clear exposure patterns that defenders can use to improve architecture, detection, and resilience.

Draft Threat Profiles coming soon 2026.

I8_logo7.png
Intrusion 8 Phases

The Intrusion Eight presents a structured progression model that explains how adversaries move from initial reconnaissance to mission completion. Designed for ethical education, simulation, and professional awareness, it frames intrusion as a disciplined sequence rather than chaos, helping practitioners understand adversary behavior without promoting misuse.

image.png
cyber_analyst_I8_vault1.png

INTRUSION VAULT

The Intrusion Vault, inside the ISAUnited.org Library

The Intrusion Vault is Intrusion 8’s curated library of structured adversary intelligence, written to support responsible defense. It translates real intrusion behaviors into reference catalogs that help teams identify exposure conditions, map likely impact paths, and improve defensive design and response. The Vault is housed in the ISAUnited.org Library to keep Intrusion 8 aligned with professional standards, governance, and legitimate instruction.

Threat Profiles

Red Team intelligence that pressures every Defensible 10 domain.

Intrusion8 Threat Profiles translate real adversary operations into disciplined, domain-aligned profiles that defenders can adopt. Each profile maps to one Defensible 10 Standard and frames intrusion progression through the eight Threat Operations Functions (TOF) phases, emphasizing conditions, outcomes, and observable traces rather than instructions.

  • Ten profiles, TP01 through TP10, aligned one to one with D01 through D10

  • Anchored to the Intrusion Vault: Threat Actors, Threat Vectors, and Threat Tools

  • Built for authorized education, simulation, and defensive planning

Threat_profile_report_pic2.png

Coming Soon 2026

THE BOOK

Mastering Technical Adversarial and Defensible Analysis (TADA) presents a practical method for threat-informed security architecture from the Red Team Intelligence perspective of Intrusion 8. It teaches practitioners how to translate adversary behavior into architecture-level findings, defensible decisions, and engineering actions that reduce exposure and constrain impact.

 

TADA is anchored on an eight-phase intrusion lifecycle, referred to as Threat Operations Functions (TOF): Initial reconnaissance, Initial compromise, Establish foothold, Escalate privileges, Internal reconnaissance, Move laterally, Maintain presence, and Complete mission. These phases provide a consistent structure for mapping threats to systems.

Written for security architects, engineers, and technical leaders, this book advances threat-informed security architecture as a measurable, defensible professional practice, with the mission of protecting people by leveraging adversary intelligence to strengthen secure systems and save lives.

TADA_I8_book_image2_v2.png
The Book
How Intrusion 8 Connects to Defensible 10

Intrusion 8 and Defensible 10 are designed to work together.

  • Intrusion 8 clarifies exposure conditions and how compromise progresses.

  • Defensible 10 defines what must be engineered, implemented, and defended.

  • The Intrusion Vault supports verification and validation by anchoring defensive decisions to threat actor behavior, threat vectors, and tool-driven operations.

image.png
Engineering-grade cybersecurity is a public safety expectation

Society depends on digital systems that must remain trustworthy under stress. The Defensible 10 Standards and the Defensible Loop exist to strengthen that trust through disciplined practice and proof.

Contact Us

Contact Us

Have a question or need assistance? Our team supports practitioners and engineers who design and build defensive architecture and infrastructure.

Supported by:

I8_logo4.png

Training by:

new-1-blue-background_v2.png

Practitioner and Organizational Use

Intrusion 8 is for educational and instructional purposes only. Content is written to strengthen defensive readiness and professional practice. Intrusion 8 does not provide procedural guidance intended for misuse.

Commercial, Vendor, and Integration Use

The use, reproduction, or incorporation of the Intrusion Threat Profiles or their content within commercial products, software, tooling, managed services, or for-profit offerings requires a separate commercial integration or redistribution license issued by the Institute of Security Architecture United (ISAUnited.org).


This includes but is not limited to:

  • Integration into commercial or subscription-based platforms or software tools

  • Use in vendor-branded frameworks or automated compliance products

  • Redistribution of modified or adapted versions for resale or commercial benefit

 

Requests for commercial licensing or integration agreements should be directed to:  info@isaunited.org

© 2026 The Intrusion 8 Threat Profiles. Owned, operated, and maintained by the Institute of Security Architecture United (ISAUnited.org).

bottom of page