Update README.md
Parent: 73f563adda
Commit: e33a38c29e
17
README.md
@ -12,9 +12,6 @@ A collection of essential resources related to cyber threat intelligence theory.
|
|||||||
| [The US Central Intelligence Agency](https://en.wikipedia.org/wiki/Central_Intelligence_Agency) | The psychology of intelligence analysis by the CIA’s Center for the Study of Intelligence | [Psychology_of_Intelligence_Analysis.pdf](https://www.ialeia.org/docs/Psychology_of_Intelligence_Analysis.pdf) |
|
| [The US Central Intelligence Agency](https://en.wikipedia.org/wiki/Central_Intelligence_Agency) | The psychology of intelligence analysis by the CIA’s Center for the Study of Intelligence | [Psychology_of_Intelligence_Analysis.pdf](https://www.ialeia.org/docs/Psychology_of_Intelligence_Analysis.pdf) |
|
||||||
| [iSIGHT Partners](https://www.linkedin.com/company/isight-partners) | The first definitive guide to cyber threat intelligence ever produced | [cti-guide.pdf](https://cryptome.org/2015/09/cti-guide.pdf) |
|
| [iSIGHT Partners](https://www.linkedin.com/company/isight-partners) | The first definitive guide to cyber threat intelligence ever produced | [cti-guide.pdf](https://cryptome.org/2015/09/cti-guide.pdf) |
|
||||||
| [Recorded Future](https://recordedfuture.com)| The traditional intelligence life cycle tailored to threat intelligence embedded in modern security operations| [What the 6 Phases of the Threat Intelligence Lifecycle Mean for Your Team](https://web.archive.org/web/20210330021716/https://www.recordedfuture.com/threat-intelligence-lifecycle-phases/) |
|
| [Recorded Future](https://recordedfuture.com)| The traditional intelligence life cycle tailored to threat intelligence embedded in modern security operations| [What the 6 Phases of the Threat Intelligence Lifecycle Mean for Your Team](https://web.archive.org/web/20210330021716/https://www.recordedfuture.com/threat-intelligence-lifecycle-phases/) |
|
||||||
| [David J. Bianco](https://twitter.com/DavidJBianco) | Analysing relationships between the types of indicators you might use to detect an adversary's activities and how much pain it will cause them when you are able to deny those indicators to them | [the-pyramid-of-pain.html](https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html) |
|
|
||||||
| Center for Cyber Intelligence Analysis and Threat Research | The Diamond Model: a novel model of intrusion analysis built by analysts, derived from years of experience | [diamond.pdf](https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf?adlt=strict) |
|
|
||||||
| [Lockheed Martin](https://en.wikipedia.org/wiki/Lockheed_Martin) | The Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for the identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective | [Cyber_Kill_Chain.pdf](https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf) |
|
|
||||||
| [SANS](https://www.sans.org/) | SANS shared a Cyber Kill Chain tailored to Industrial Control Systems (ICS), written by Michael J. Assante and Robert M. Lee. | [The Industrial Control System Cyber Kill Chain](https://github.com/curated-intel/CTI-fundamentals/blob/main/Archive/SANS%20-%20ICS%20Kill%20Chain%20-%20Whitepaper.pdf) |
|
| [SANS](https://www.sans.org/) | SANS shared a Cyber Kill Chain tailored to Industrial Control Systems (ICS), written by Michael J. Assante and Robert M. Lee. | [The Industrial Control System Cyber Kill Chain](https://github.com/curated-intel/CTI-fundamentals/blob/main/Archive/SANS%20-%20ICS%20Kill%20Chain%20-%20Whitepaper.pdf) |
|
||||||
| [Mercyhurst University Institute for Intelligence Studies](https://en.wikipedia.org/wiki/Mercyhurst_University_Institute_for_Intelligence_Studies) | The Analyst’s Style Manual is a product intended to assist student analysts with the many perplexing and complex rules they should follow in producing written intelligence products | [analysts_style_manual.pdf](https://ncirc.bja.ojp.gov/sites/g/files/xyckuh326/files/media/document/analysts_style_manual.pdf) |
|
| [Mercyhurst University Institute for Intelligence Studies](https://en.wikipedia.org/wiki/Mercyhurst_University_Institute_for_Intelligence_Studies) | The Analyst’s Style Manual is a product intended to assist student analysts with the many perplexing and complex rules they should follow in producing written intelligence products | [analysts_style_manual.pdf](https://ncirc.bja.ojp.gov/sites/g/files/xyckuh326/files/media/document/analysts_style_manual.pdf) |
|
||||||
| [Freddy M](https://no.linkedin.com/in/fmurre?trk=pulse-article_main-author-card) | The Intelligence Architecture Map is based on interviews of industry experts, former intelligence practitioners, and Freddy's personal views. It represents a logical and meaningful way of how different aspects of producing intelligence should be put together. | [intelligence-architecture-map-freddy-m](https://www.linkedin.com/pulse/intelligence-architecture-map-freddy-m/) |
|
| [Freddy M](https://no.linkedin.com/in/fmurre?trk=pulse-article_main-author-card) | The Intelligence Architecture Map is based on interviews of industry experts, former intelligence practitioners, and Freddy's personal views. It represents a logical and meaningful way of how different aspects of producing intelligence should be put together. | [intelligence-architecture-map-freddy-m](https://www.linkedin.com/pulse/intelligence-architecture-map-freddy-m/) |
|
||||||
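Review bot: The SANS "Industrial Control System Cyber Kill Chain" row stays in this table while the Pyramid of Pain, Diamond Model and Cyber Kill Chain rows are taken out of it. It is an ICS adaptation of the kill chain, so consider moving it together with the Lockheed Martin row so readers find both in one place. If the split is intentional, say so in the commit message, since "Update README.md" does not mention the reorganisation.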
@ -27,6 +24,17 @@ A collection of essential resources related to cyber threat intelligence theory.
|
|||||||
| [mxm0z](https://github.com/mxm0z/)|This is a collection of useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles|[Awesome Intelligence Writing](https://github.com/mxm0z/awesome-intelligence-writing) |
|
| [mxm0z](https://github.com/mxm0z/)|This is a collection of useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles|[Awesome Intelligence Writing](https://github.com/mxm0z/awesome-intelligence-writing) |
|
||||||
| [threat-intelligence.eu](https://threat-intelligence.eu) | Technical standards related to threat intelligence | [Standards related to Threat Intelligence](https://threat-intelligence.eu/standards/) |
|
| [threat-intelligence.eu](https://threat-intelligence.eu) | Technical standards related to threat intelligence | [Standards related to Threat Intelligence](https://threat-intelligence.eu/standards/) |
|
||||||
|
|
||||||
|
### `CTI Frameworks`
|
||||||
|
|
||||||
|
| Author | Description | Resource URL |
|
||||||
|
| --- | --- | --- |
|
||||||
|
| [David J. Bianco](https://twitter.com/DavidJBianco) | Analysing relationships between the types of indicators you might use to detect an adversary's activities and how much pain it will cause them when you are able to deny those indicators to them | [the-pyramid-of-pain.html](https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html) |
|
||||||
|
| Center for Cyber Intelligence Analysis and Threat Research | The Diamond Model: a novel model of intrusion analysis built by analysts, derived from years of experience | [diamond.pdf](https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf?adlt=strict) |
|
||||||
|
| [Lockheed Martin](https://en.wikipedia.org/wiki/Lockheed_Martin) | The Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for the identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective | [Cyber_Kill_Chain.pdf](https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf) |
|
||||||
|
| MITRE | MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. | [attack.mitre.org](https://attack.mitre.org/) |
|
||||||
|
| Mandiant | Mandiant’s depiction of the targeted attack lifecycle illustrates the major phases of a typical intrusion. | [mandiant.com](https://www.mandiant.com/resources/targeted-attack-lifecycle) |
|
||||||
|
| [Paul Pols](https://www.linkedin.com/in/paulpols) | The Unified Kill Chain was developed through a hybrid research approach, combining design science with qualitative research methods. The Unified Kill Chain extends and combines existing models, such as Lockheed Martin's Cyber Kill Chain® and MITRE's ATT&CK® | [unifiedkillchain.com](https://www.unifiedkillchain.com/) |
|
||||||
|
|
||||||
### `Practical Threat Intelligence`
|
### `Practical Threat Intelligence`
|
||||||
|
|
||||||
| Author | Description | Resource URL |
|
| Author | Description | Resource URL |
|
||||||
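Review bot: In the new `CTI Frameworks` table the MITRE and Mandiant rows leave the author cell as plain text, while the neighbouring rows link the author and the existing row further down uses `[Mandiant](https://www.mandiant.com/)`; link them the same way for consistency. Their link texts (`attack.mitre.org`, `mandiant.com`) are also bare hostnames where the other rows use the document title or file name. The Diamond Model URL carries a `?adlt=strict` query string that appears unrelated to the document and could be dropped, and "cyber intrusions activity" in the Lockheed Martin row should read "cyber intrusion activity".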
@ -55,3 +63,6 @@ A collection of essential resources related to cyber threat intelligence theory.
|
|||||||
| [Recorded Future](https://recordedfuture.com)| Recorded Future maintains a handbook detailing their vendor-biased playbooks for responding to typical CTI-type detections within an enterprise CTI program. This is useful for understanding what threat intelligence response cases may look like in an enterprise CTI program | [The Intelligence Playbook: Practical Applications Across the Enterprise](https://go.recordedfuture.com/hubfs/The_Intelligence_Playbook_Practical_Applications_Across_the_Enterprise.pdf) |
|
| [Recorded Future](https://recordedfuture.com)| Recorded Future maintains a handbook detailing their vendor-biased playbooks for responding to typical CTI-type detections within an enterprise CTI program. This is useful for understanding what threat intelligence response cases may look like in an enterprise CTI program | [The Intelligence Playbook: Practical Applications Across the Enterprise](https://go.recordedfuture.com/hubfs/The_Intelligence_Playbook_Practical_Applications_Across_the_Enterprise.pdf) |
|
||||||
| [Mandiant](https://www.mandiant.com/) | The core skills framework provides enterprises and individuals guidance with three things: 1. determine appropriate development roadmaps to ensure CTI skills progression; 2. provide a guidepost for aspirant CTI analysts to tailor their studies; 3. assist network defenders in understanding the roles and responsibilities of a CTI analyst | [The Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework](https://www.mandiant.com/sites/default/files/2022-05/cti-analyst-core-competencies-framework-v1.pdf) |
|
| [Mandiant](https://www.mandiant.com/) | The core skills framework provides enterprises and individuals guidance with three things: 1. determine appropriate development roadmaps to ensure CTI skills progression; 2. provide a guidepost for aspirant CTI analysts to tailor their studies; 3. assist network defenders in understanding the roles and responsibilities of a CTI analyst | [The Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework](https://www.mandiant.com/sites/default/files/2022-05/cti-analyst-core-competencies-framework-v1.pdf) |
|
||||||
| [CERTBI](https://cert.bancaditalia.it/)| This whitepaper details an enterprise-friendly service architecture for offering an enhanced CTI capability | [A service architecture for an enhanced CTI capability](http://ceur-ws.org/Vol-2940/paper37.pdf) |
|
| [CERTBI](https://cert.bancaditalia.it/)| This whitepaper details an enterprise-friendly service architecture for offering an enhanced CTI capability | [A service architecture for an enhanced CTI capability](http://ceur-ws.org/Vol-2940/paper37.pdf) |
|
||||||
|
| CREST | CREST's Maturity Assessment Tools provide a mechanism for carrying out an assessment of the level of cyber threat intelligence maturity an organisation has at a high level. | [crest-approved.org](https://www.crest-approved.org/cyber-threat-intelligence-maturity-assessment-tools/) |
|
||||||
|
| Mandiant | Mandiant has developed a comprehensive Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework as a guide for the
|
||||||
|
CTI discipline to identify, build, foster, and retain talent | [mandiant.com](https://www.mandiant.com/sites/default/files/2022-05/cti-analyst-core-competencies-framework-v1.pdf) |
|
||||||
|
|||||||
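Review bot: The added Mandiant row at the end of the table is split across two lines ("...as a guide for the" and then "CTI discipline to identify, build, foster, and retain talent"), so the second half falls outside the table row and will not render as a cell; join it onto one line. It also links the same cti-analyst-core-competencies-framework-v1.pdf that the existing `[Mandiant](https://www.mandiant.com/)` row two entries above already lists, so consider dropping the duplicate or merging the two descriptions.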