Skip to content

block/assured-methodology

ASSURED Cybersecurity Methodology

A structured, repeatable methodology for security analysts to triage, investigate, and document events with clarity, context, and confidence.

Code License: MIT Content License: CC BY 4.0 Documentation Contributors Welcome

πŸ“– Live site: assured-methodology.vercel.app

πŸ” What is ASSURED?

ASSURED is a methodology for security event triage: the work between an alert firing and the decision to close it or escalate it to incident response. IR frameworks like NIST 800-61 and SANS PICERL describe what to do once you already know what you are looking at; ASSURED structures the work before that, which most analysts otherwise learn informally on the job.

It is written as a teachable course: seven chapters, each with concept pages, a worked example, a quiz, and a transition into the next phase.

πŸ“‹ The Framework

Phase Chapter What it covers
A Alert Detection mechanisms (signature, anomaly, rule, behavioral), validation, alert parsing
S Subject Entity identification: four dimensions, entity types, behavioral framework, insider analysis
S Scope Investigation boundaries: regulatory, time, entity, infrastructure
U Uncover Evidence gathering: data sources, threat intelligence, MITRE ATT&CK, tooling
R Risk Impact Γ— likelihood assessment and the false-positive-as-finding doctrine
E Escalation Criteria, protocols, triage-vs-IR boundary, the 9-section handoff packet
D Documentation Standards, templates, pitfalls, closure and downstream uses

Two threaded cases run through every chapter's worked example: a finance-team phishing intrusion that escalates to IR, and a Cursor IDE false positive that closes at triage. The same methodology produces both verdicts.

Three themed glossaries support the chapters: B.A.D. (threat actors, campaigns, malware), C.A.T. (vendor and platform vocabulary), and C.L.E.A.R. (the analyst lexicon). They total around 670 terms, surfaced inline via hover tooltips.

πŸš€ Getting Started

Prerequisites: Node.js 20.3+ (or 22+) and pnpm.

git clone https://github.com/block/assured-methodology.git
cd assured-methodology
pnpm install
pnpm dev        # develop at http://localhost:4321
pnpm build      # production build + Pagefind search index
pnpm preview    # serve the production build (required for search)

πŸ“ Project Structure

src/
β”œβ”€β”€ content/docs/        # All methodology content (MDX): intro, 7 chapters, 3 glossaries
β”œβ”€β”€ components/assured/  # Teaching components (ChapterHero, FlipCard, ExampleStepper,
β”‚                          DefineTerm, PillNav, Quiz, Callout, ...)
β”œβ”€β”€ data/glossary.ts     # Term registry powering DefineTerm tooltips
β”œβ”€β”€ layouts/             # BaseLayout, ContentPageLayout
β”œβ”€β”€ pages/               # index, 404, docs/[...slug]
└── styles/              # global.css, assured.css, glossary.css, breadcrumbs.css

Stack: Astro 5 + MDX, Tailwind CSS 4, Pagefind client-side search (⌘K), TypeScript, Biome.

🀝 Contributing

Contributions are welcome. Fork, branch, make your change, verify with pnpm build && pnpm preview, and open a pull request; CONTRIBUTING.md has the full setup and the glossary-regeneration workflow. High-value areas:

  • Technical accuracy: MITRE technique mappings, regulatory citations, detection-mechanism descriptions
  • Content refinement: sharpen wording, fix factual drift, update tool references as the vendor landscape shifts
  • Case studies: worked examples beyond the two threaded cases (cloud-native intrusions, identity-provider abuse, supply chain)
  • Glossary entries: current threat actors, recent campaigns, new SOC tooling
  • Quiz items: application-grade questions that test methodology fluency on fresh scenarios

Keep the tone practical and evidence-based, and support claims with technical rationale: the content teaches; unsupported assertions are defects.

🌐 Deployment

The site deploys on Vercel at assured-methodology.vercel.app, building automatically from main. vercel.json supplies response headers and trailing-slash behavior; astro.config.ts sets the canonical site URL. The output is fully static and can be served from any web server.

πŸ“„ License

This repository uses a dual license:

πŸ‘¨β€πŸ’» About the Author

Timothy Zilber is a security engineer specializing in event triage and incident response. ASSURED grew out of his experience mentoring analysts through a workplace lateral-development program: teaching event triage exposed the lack of a clear, repeatable methodology for it. Existing frameworks covered incident response at a high level but not the alert-by-alert analysis work that precedes it. ASSURED is the structured method that came out of years of iterating on that training, shared here so the gap he had to cross informally is easier for the next analyst.

πŸ“ž Support

  • Content or technical issues: open a GitHub issue
  • Methodology questions: use GitHub Discussions
  • Collaboration: contact the author directly

πŸ”— Related Resources

About

Documentation site for security event triage

Resources

License

Unknown, CC-BY-4.0 licenses found

Licenses found

Unknown
LICENSE
CC-BY-4.0
LICENSE-CONTENT

Code of conduct

Contributing

Security policy

Stars

4 stars

Watchers

2 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors