Update index.rst
M3TID final v1.0 changes, as of 13 Feb 2024.
forrestcarver authored Feb 13, 2024
1 parent 7787137 commit 1b8ba1e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/index.rst
@@ -6,7 +6,7 @@ Background

Globally, security practitioners, security program leaders, and Board members seek to answer the question “How secure are we?” Our research adds a complementary approach to answering that question, to be combined with traditional cybersecurity best practices and maturity models. This is a starting point for building an effective Threat-Informed Defense that enables a data-driven approach to optimizing investments.

The Center for Threat-Informed Defense (the Center) contends that one of the most impactful ways to manage a security program is to leverage knowledge of cyber threats to prioritize the allocation of limited resources to reduce overall risk. As risk is the product of probability and impact, it is crucially important to have a thorough knowledge of actual threat actors, their capabilities, and their typical tactics, techniques, and procedures (TTPs). By understanding the adversary well, an organization can prioritize their defenses as well as pre-emptively and continuously assess themselves to identify gaps. This enables organizations to shift to a more proactive approach to security, constantly learning, assessing, and improving their security programs. The goal of this shift is to increase the cost and difficulty for the adversaries thereby increasing security. Forcing adversaries to create new tooling, find new vulnerabilities and exploits, and attempt to discover new paths into an organization’s environment drives their cost in manpower, infrastructure, and time. It also forces them to restart their attack lifecycle, creating additional opportunities for detection and response. The ultimate goal is to create a situation such that attacking is so costly and/or so difficult that it is no longer reasonable for the adversary to attack
The Center for Threat-Informed Defense (the Center) contends that one of the most impactful ways to manage a security program is to leverage knowledge of cyber threats to prioritize the allocation of limited resources to reduce overall risk. As risk is the product of probability and impact, it is crucially important to have a thorough knowledge of actual threat actors, their capabilities, and their typical tactics, techniques, and procedures (TTPs). By understanding the adversary well, an organization can prioritize their defenses as well as pre-emptively and continuously assess themselves to identify gaps. This enables organizations to shift to a more proactive approach to security, constantly learning, assessing, and improving their security programs. The goal of this shift is to increase the cost and difficulty for the adversaries thereby increasing security. Forcing adversaries to create new tooling, find new vulnerabilities and exploits, and attempt to discover new paths into an organization’s environment drives their cost in manpower, infrastructure, and time. It also forces them to restart their attack lifecycle, creating additional opportunities for detection and response. The ultimate goal is to create a situation such that attacking is so costly and/or so difficult that it is no longer reasonable for the adversary to attack.


The M3TID Project
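
Review bot: The only visible difference in the replaced Background paragraph is the period added after "for the adversary to attack", yet the commit title "Update index.rst" and the description "M3TID final v1.0 changes" do not say that; a message naming the punctuation fix in docs/index.rst would make the history easier to audit. Since the line is being rewritten anyway, two other wording issues in the same paragraph could be fixed in this change: "increase the cost and difficulty for the adversaries thereby increasing security" needs a comma before "thereby", and "an organization can prioritize their defenses as well as pre-emptively and continuously assess themselves" mixes a singular subject with plural pronouns.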