This study addresses the challenge faced by small and medium-sized enterprises (SMEs) in translating cyber threat intelligence into actionable security measures due to limited resources. To bridge this gap, the authors propose the first end-to-end AI-driven framework that fine-tunes the all-mpnet-base-v2 model on a dataset of 74,986 event–tactic/technique pairs to automatically construct a Cyber Catalog knowledge base. This system enables precise mapping from cyber events to MITRE ATT&CK tactics and techniques, CIS Critical Security Controls, and SMART metrics. By integrating natural language processing with knowledge graph techniques, the approach achieves state-of-the-art performance on semantic similarity tasks, with Spearman’s ρ at 0.7894, Pearson’s r at 0.8756, and MAE of 0.135—significantly outperforming baseline methods. Notably, this work presents the first systematic integration of these three major cybersecurity standards and releases both data and models to support deployment in resource-constrained environments.

The escalating frequency of cyber-attacks poses significant challenges for organisations, particularly small enterprises constrained by limited in-house expertise, insufficient knowledge, and financial resources. This research presents a novel framework that leverages Natural Language Processing to address these challenges through automated mapping of cyber incidents to adversary techniques. We introduce the Cyber Catalog, a knowledge base that systematically integrates CIS Critical Security Controls, MITRE ATT&CK techniques, and SMART metrics. This integrated resource enables organisations to connect threat intelligence directly to actionable controls and measurable outcomes. To operationalise the framework, we fine-tuned all-mpnet-base-v2, a highly regarded sentence-transformers model used to convert text into numerical vectors on an augmented dataset comprising 74,986 incident-technique pairs to enhance semantic similarity between cyber incidents and MITRE ATT&CK techniques. Our fine-tuned model achieved a Spearman correlation of 0.7894 and Pearson correlation of 0.8756, demonstrating substantial improvements over top baseline models including all-mpnet-base-v2, all-distilroberta-v1, and all-MiniLM-L12-v2. Furthermore, our model exhibited significantly lower prediction errors (MAE = 0.135, MSE = 0.027) compared to all baseline models, confirming superior accuracy and consistency. The Cyber Catalog, training dataset, trained model, and implementation code made publicly available to facilitate further research and enable practical deployment in resource-constrained environments. This work bridges the gap between threat intelligence and operational security management, providing an actionable tool for systematic cyber incident response and evidence-based cyber risk management.