Plan and create a fictitious human user through a combination of planted data and revealed behavior patterns in support of your strategic objectives.
Persona Creation is the process of planning for and creating the personas required to support the deception story. This process should be informed by the previously generated threat model for the defender's target adversary. For example, if the adversary targets a specific industry, the persona might be created to look like someone who works in that industry. The persona outline should include basic information about the persona itself such as their name, their relationship to the environment (is it a work computer with no personal information? A personal computer with no work information? Some mix of both?), and geographic location. Often, and especially for a short-term engagement operation, these persona traits can be fairly broad.
For example, it is unlikely that a persona used in a short-term ransomware detonation operation would require a lot of details to be effective. However, for a longer-term insider threat protection operation, the defender may need to create a persona with the online presence of a corporate employee, including name, birthday, address, etc. Many factors should be considered when determining how in-depth a persona should be, including adversary sophistication, defender resources, and the deception story.
Once the persona traits have been decided, the planning process should determine how these traits will manifest in the environment. For example, if the persona is named Jane Doe, then that persona might have a mailbox on her desktop for the email address firstname.lastname@example.org. Persona creation is important to running an operation, because personas are resource-intensive to create and maintain and can reveal the ruse if the adversary discovers that they are fake.
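
One way to check a persona plan before it is deployed, as an added example that is not part of the original page: the outline fields (name, relationship to the environment, location) follow the text, while the `Artifact` record, the firstname.lastname address convention and the sample plan are assumptions constructed here. It flags planted items that contradict the outline, which is the kind of mismatch that lets an adversary recognize the persona as fake.

```python
from dataclasses import dataclass

@dataclass
class Persona:                 # outline fields named on the page
    first: str
    last: str
    relationship: str          # "work", "personal" or "mixed"
    location_tz: str           # geographic location, expressed as a timezone
    mail_domain: str           # assumption: one mail domain per persona

@dataclass
class Artifact:                # hypothetical record of one planted item
    path: str
    kind: str                  # "work" or "personal"
    owner: str = ""            # author/account name embedded in the item
    email: str = ""
    tz: str = ""

def expected_email(p: Persona) -> str:
    # Assumed convention: firstname.lastname@<domain>
    return f"{p.first}.{p.last}@{p.mail_domain}".lower()

def check_plan(p: Persona, plan: list[Artifact]) -> list[tuple[str, str]]:
    """Return (path, problem) pairs for artifacts that contradict the outline."""
    findings = []
    name = f"{p.first} {p.last}".lower()
    for a in plan:
        if p.relationship != "mixed" and a.kind != p.relationship:
            findings.append((a.path, f"{a.kind} item on a {p.relationship}-only machine"))
        if a.owner and a.owner.lower() != name:
            findings.append((a.path, f"owner '{a.owner}' is not the persona"))
        if a.email and a.email.lower() != expected_email(p):
            findings.append((a.path, f"address '{a.email}' does not match the persona"))
        if a.tz and a.tz != p.location_tz:
            findings.append((a.path, f"timezone {a.tz} conflicts with {p.location_tz}"))
    return findings

# Constructed sample: Jane Doe on a work-only desktop.
JANE = Persona("Jane", "Doe", "work", "America/Chicago", "example.org")
PLAN = [
    Artifact("Mail/inbox.mbox", "work", email="jane.doe@example.org"),
    Artifact("Documents/Q3-budget.xlsx", "work", owner="Jane Doe", tz="America/Chicago"),
    Artifact("Documents/report-template.docx", "work", owner="Administrator"),
    Artifact("Pictures/vacation.jpg", "personal", tz="Europe/Berlin"),
]

if __name__ == "__main__":
    for path, problem in check_plan(JANE, PLAN):
        print(f"{path}: {problem}")
```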