Spreadsheet phrasing (#5)
* Fix wording on spreadsheet.rst

* Update DM example to align with spreadsheet changes

* Update T&E example wording

* Update T&E example - purple team

* Update T&E Example -- adversary emulation
blackwidow0616 authored Apr 8, 2024
1 parent 6eff97f commit 0d744c2
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion docs/maxmature.rst
Expand Up @@ -13,7 +13,7 @@ To illustrate the impact of leveraging the best practices in the M3TID framework

* CTI: Subscribe to a customized threat intelligence feed.
* DM: Dedicate additional resources to developing and tuning detection analytics for identified adversary techniques.
* T&E: Institute a semi-annual purple team.
* T&E: Institute a semi-annual adversary emulation.

Those changes result in the following updated scores and the accompanying graphs:

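Review bot: The context line after the bullets ("Those changes result in the following updated scores and the accompanying graphs") still points at scores and graphs, but this commit changes only three files under docs/, so please confirm those figures were produced with the adversary emulation input and not the earlier purple team one. On the added T&E bullet, "a semi-annual adversary emulation" reads as if a noun is missing; "a semi-annual adversary emulation exercise" would be clearer. It would also help to say which adversary or behaviors are emulated, since the baseline in docs/measuring.rst is faulted for testing that is "not tailored to any specific adversary or set of adversary behaviors".
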
4 changes: 2 additions & 2 deletions docs/measuring.rst
Expand Up @@ -40,8 +40,8 @@ As a notional example of implementing this assessment and scoring approach, imag
Company A: In-house implementation of a nascent threat-informed defense.

* CTI: The organization has CTI on IOCs and software used across multiple ATT&CK Techniques. Analysts occasionally read freely available generic reports and disseminate IOCs to the rest of the team.
* DM: Despite excellent CTI, the company has not leveraged that CTI effectively to prioritize their investments in Defensive Measures. They automatically apply patches, collect data as per standard best-practices, run a set of imported SIGMA rules, respond to alerts as needed, and do not conduct any deception operations.
* T&E: The company is only minimally investing in Testing & Evaluation, limiting their current testing to an annual penetration test that is not tailored to any specific adversary or set of adversary behaviors.
* DM: Despite excellent CTI, the company has not leveraged that CTI effectively to prioritize their investments in Defensive Measures. They apply patches as needed, have identified critical assets, collect data as per standard best-practices, run a set of imported SIGMA rules, respond to alerts as needed, and do not conduct any deception operations.
* T&E: The company is only minimally investing in Testing & Evaluation, limiting their current testing to an annual purple team that is not tailored to any specific adversary or set of adversary behaviors. A report is generated.

To aid in leveraging this methodology for assessment, this paper is being released with a Proof of Concept spreadsheet-based calculator. The screenshots below are taken from
the Results tab of that calculator.
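
Review bot: The added DM bullet keeps the opening "Despite excellent CTI", which conflicts with the CTI bullet directly above it (analysts "occasionally read freely available generic reports") and with the "nascent" label on Company A; consider dropping or rewording that clause while this line is being edited. In the added T&E bullet, "A report is generated." is a detached passive sentence that does not say who produces the report or what is done with it; folding it into the previous sentence (for example "... adversary behaviors, and produces a report") would read better.
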
2 changes: 1 addition & 1 deletion docs/spreadsheet.rst
@@ -1,7 +1,7 @@
Appendix B - Scoring Spreadsheet
================================

As part of the M3TID team implemented the Dimensions, Components, and Maturity Level framework, as well as the
As part of the M3TID project, the team implemented the Dimensions, Components, and Maturity Level framework, as well as the
measurement approach, in an Excel-based tool to make leveraging the M3TID framework more accessible for the
community. The tool has 6 main tabs, described below:

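Review bot: The corrected sentence calls the artefact "an Excel-based tool", while the heading above it says "Scoring Spreadsheet" and docs/measuring.rst in this same commit calls it a "Proof of Concept spreadsheet-based calculator"; pick one name and use it in all three places so readers know these refer to the same file. Minor style point on the unchanged line that follows: "The tool has 6 main tabs" would normally spell out "six".
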
