You are a penetration tester engaged to identify potential threats and vulnerabilities within an organization's network. During the planning and scoping phase, you intend to leverage an industry-standard framework to map out the tactics, techniques, and procedures (TTPs) that attackers are likely to use against your client's industry. Which framework is most suitable for this purpose?
MITRE ATT&CK
Information Systems Security Assessment Framework (ISSAF)
General Data Protection Regulation (GDPR)
PCI DSS