- Current version: v1.0
- Released: June 2, 2026
- License: CC BY-NC-SA 4.0
- Trademark: BRA!N™ is a trademark of Vanermi
- DOI: 10.5281/zenodo.20492326
Behavioral Risk Analysis for Information Networks
BRA!N is an open framework for analyzing human risk in cybersecurity.
It provides a structured model to identify, name, and classify the behavioral, cognitive, knowledge-related, and organizational factors that shape security-relevant human decisions in real-world contexts.
BRA!N is designed to move beyond the generic idea of the "human factor" and toward a more precise, traceable, and comparable analysis of why unsafe decisions and actions happen.
BRA!N provides a common language and a structured reference model for understanding human risk in cybersecurity from a defensive perspective.
The framework focuses on four core object types:
- Behaviors (B): observable phases of human behavior relevant to security.
- Drivers (D): underlying factors that increase the likelihood of unsafe outcomes.
- Triggers (TR): recurrent stimuli or situational cues that activate or amplify those Drivers.
- Controls (C): interventions designed to reduce, compensate for, or contain risk.
Technical security has mature frameworks to classify threats, weaknesses, and controls. Human risk is still often treated as a vague or generic category.
BRA!N aims to close that gap by offering a framework that can be used to:
- analyze incidents from a human-risk perspective;
- identify recurring behavioral and cognitive patterns;
- compare coverage across awareness and training programs;
- design more targeted and effective controls;
- support research, simulation, red team, blue team, DFIR, GRC, and awareness use cases.
BRA!N focuses on the analysis of human risk in cybersecurity and adjacent security-relevant contexts.
It is intended to support:
- incident analysis;
- behavioral risk modeling;
- awareness and training design;
- defensive gap assessment;
- control design and prioritization;
- structured discussion across teams, vendors, researchers, and practitioners.
BRA!N is not a replacement for technical threat frameworks. It is meant to complement them.
This public package currently includes:
- Documentation: public framework papers in English and Spanish.
- Taxonomy: canonical JSON, object cards, and relationship model for Behaviors, Drivers, Triggers, and Controls.
- STIX: STIX 2.x bundle for BRA!N Drivers and Triggers represented as Attack Patterns.
- Examples: reserved space for reviewed public case studies and applications.
brain-framework/
├── README.md # Project overview and public entry point
├── LICENSE.md # CC BY-NC-SA 4.0 license text
├── TRADEMARKS.md # BRA!N trademark policy and permitted uses
├── SECURITY.md # Security reporting policy
├── CITATION.cff # Citation metadata for academic and tooling use
├── CHANGELOG.md # Public release history and versioning notes
├── docs/
│ ├── brain-framework-v1.0-en.pdf # English preprint
│ └── brain-framework-v1.0-es.pdf # Spanish editorial version
├── taxonomy/
│ ├── README.md # Taxonomy overview
│ ├── SCHEMA.md # Public taxonomy JSON schema
│ ├── brain-taxonomy-v1.json # Canonical taxonomy graph
│ ├── control-catalog-v1.json # Controls-only catalog view
│ ├── behaviors/ # Behavior object cards
│ ├── drivers/ # Driver object cards
│ ├── triggers/ # Trigger object cards
│ └── controls/ # Control object cards
├── stix/
│ └── brain-v1.0.json # Drivers and Triggers as STIX Attack Patterns
└── examples/ # Reserved for reviewed public case studies
- Read the framework documentation in docs/ in English or Spanish.
- Explore the taxonomy in taxonomy/, including Behaviors, Drivers, Triggers, and Controls.
- Import the STIX bundle from stix/ into your preferred CTI platform.
The STIX 2.1 bundle brain-v1.0.json can be imported directly into OpenCTI through the standard data import interface.
Drivers and Triggers appear as Attack Patterns organized under the BRA!N Kill Chain.
The STIX bundle is compatible with MITRE ATT&CK Navigator workflows that consume STIX Attack Pattern data.
The x_mitre_id field contains the BRA!N identifier, for example D001 or TR0001, following the de facto STIX convention adopted by the community for Attack Pattern identifiers.
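A pre-import sanity check for the bundle described above, as an added example that is not part of the BRA!N repository: it confirms that every Attack Pattern carries an x_mitre_id in the D001 / TR0001 style, has a kill chain phase, and that the Driver and Trigger totals match the taxonomy counts stated on this page. The exact digit widths, x_mitre_id being a top-level property, and the sample bundle contents are assumptions.

```python
import json
import re
from collections import Counter

# Assumption: Driver ids are "D" + 3 digits and Trigger ids are "TR" + 4 digits,
# inferred from the page's examples D001 and TR0001.
ID_RULES = {"driver": re.compile(r"D\d{3}"), "trigger": re.compile(r"TR\d{4}")}
# Counts stated on the page for the v1.0 taxonomy.
EXPECTED = {"driver": 21, "trigger": 45}

def check_bundle(bundle, expected=EXPECTED):
    """Return (counts, problems) for a parsed STIX bundle dict."""
    counts, problems, seen = Counter(), [], set()
    if bundle.get("type") != "bundle":
        problems.append("top-level object is not a STIX bundle")
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue  # identities, relationships, etc. are not checked here
        bid = obj.get("x_mitre_id")  # assumed to be a top-level property
        kind = next((k for k, rx in ID_RULES.items()
                     if isinstance(bid, str) and rx.fullmatch(bid)), None)
        if kind is None:
            problems.append(f"{obj.get('id')}: unexpected x_mitre_id {bid!r}")
            continue
        if bid in seen:
            problems.append(f"duplicate x_mitre_id {bid}")
        seen.add(bid)
        counts[kind] += 1
        if not obj.get("kill_chain_phases"):
            problems.append(f"{bid}: no kill_chain_phases")
    for kind, want in expected.items():
        if counts[kind] != want:
            problems.append(f"{kind}s: found {counts[kind]}, expected {want}")
    return dict(counts), problems

# Constructed sample bundle (not taken from brain-v1.0.json); ids, names and
# the kill chain strings are placeholders.
SAMPLE = json.loads("""{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
 {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000001",
  "name": "Example Driver", "x_mitre_id": "D001",
  "kill_chain_phases": [{"kill_chain_name": "example-chain", "phase_name": "example-phase"}]},
 {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000002",
  "name": "Example Trigger", "x_mitre_id": "TR0001", "kill_chain_phases": []},
 {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000003",
  "name": "Example Control", "x_mitre_id": "C001"}]}""")

if __name__ == "__main__":
    counts, problems = check_bundle(SAMPLE, expected={"driver": 1, "trigger": 1})
    print(counts, *problems, sep="\n")
```

To check the published file, load stix/brain-v1.0.json with json.load and pass the result to check_bundle with the default expected counts.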
The taxonomy package contains the 117 public framework objects:
- 5 Behaviors
- 21 Drivers
- 45 Triggers
- 46 Controls
The canonical machine-readable source is brain-taxonomy-v1.json. Human-readable object cards are provided under taxonomy/ for browsing, review, and citation.
BRA!N is under active development. Versioning is used to preserve traceability as the framework grows.
Current publication candidates include:
- BRA!N taxonomy v1 in JSON and Markdown form.
- STIX v1 covering Drivers and Triggers.
- Controls in taxonomy JSON and Markdown form.
Controls are not included in the STIX bundle yet. Large-scale VCDB validation artifacts are not included in this public package yet.
BRA!N is published as an open framework for study, adoption, review, and improvement by the wider community.
The content is available for non-commercial use under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).
The goal is to help establish a shared reference model for human risk in cybersecurity while preserving openness in derived framework materials.
For commercial use of BRA!N content, methodology, or marks, consult the Trademark Policy and contact brain@vanermi.org.
The BRA!N Framework content is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).
You are allowed to:
- Share: copy and redistribute the material in any medium or format.
- Adapt: remix, transform, and build upon the material.
Under the following conditions:
- Attribution: give appropriate credit and indicate if changes were made.
- NonCommercial: do not use the material for commercial purposes.
- ShareAlike: if you remix, transform, or build upon the material, distribute your contributions under the same license.
See LICENSE.md for the full license text.
For commercial licensing inquiries, contact brain@vanermi.org.
The BRA!N name, logo, and related branding are not granted under the content license.
Use of BRA!N marks must not imply endorsement, affiliation, authorization, partnership, certification, or official status without permission.
Independent educational use, internal organizational use, academic research, and analytical references to BRA!N are permitted when they are truthful, proportionate, and non-confusing.
Vanermi claims and reserves trademark rights in the BRA!N name and related branding.
See TRADEMARKS.md for the full trademark policy.
When referencing or adapting BRA!N, please provide clear attribution to the project and link back to the public repository.
Suggested attribution format:
BRA!N Framework. Content licensed under CC BY-NC-SA 4.0. BRA!N is a trademark claimed by Vanermi.
BRA!N is co-authored by Marcos Sánchez Madrid, Threat Intelligence Analyst at Vanermi; Jennifer Agudo de Blas, Psychologist; and Alberto Sánchez Carmona, PhD, Neuropsychologist.
The framework is initiated and maintained by Vanermi.
Suggested academic citation:
Sánchez Madrid M, Agudo de Blas J, and Sánchez Carmona A. (2026). BRA!N: A Framework for Human Risk Analysis in Cybersecurity. Version 1.0. Zenodo. https://doi.org/10.5281/zenodo.20492326.
DOI: 10.5281/zenodo.20492326
For BibTeX, RIS, and other citation formats, see CITATION.cff.
BRA!N is initiated and stewarded by Vanermi. Vanermi acts as caretaker of the framework to keep it open, traceable, and protected from confusion, fragmentation, and unauthorized claims of official status.
As the framework develops, additional governance documentation may be published to clarify maintainership, review process, versioning, contribution acceptance, and official releases.
- For technical questions, bug reports, and taxonomy improvements, open an issue in this repository.
- For commercial licensing, partnership inquiries, and trademark permissions, contact brain@vanermi.org.
- For general inquiries about Vanermi, visit https://vanermi.com.
BRA!N exists to make human risk in cybersecurity more structured, more explainable, and more actionable.