Skip to content

Commit

Permalink
Update tne.rst
Browse files Browse the repository at this point in the history 
Feedback Updates
  • Loading branch information
@blackwidow0616
blackwidow0616 authored Feb 13, 2024
1 parent 45e5ae2 commit 96ef1ba
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions docs/components/tne.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@
Test & Evaluation
==================

This section outlines the key components that have been identified for the Test & Evaluation dimension as well as maturity levels within the components. These components and
levels form the basis for assessing how threat informed an organization’s T&E program is. This assessment can be conducted using the companion spreadsheet published with this
white paper.
This section outlines the key components that have been identified for the Test & Evaluation dimension as well as maturity levels within the components. These components and levels form the basis for assessing how threat informed an organization’s T&E program is. This assessment can be conducted using the companion spreadsheet published with this white paper.

Type of Testing
----------------

Are cybersecurity tests focused on helping defenders improve against prioritized threats?

1. None
2. Security Control / Risk Assessment (reactive, compliance-focused)
3. Vulnerability Assessment / Penetration Test (reactive, threat-focused)
Expand All @@ -19,6 +19,8 @@ Type of Testing
Frequency of Testing
-----------------------------

Do your tests keep pace with changing adversaries and defended technologies?

1. None
2. Annual
3. Semi-Annual
Expand All @@ -29,6 +31,8 @@ Frequency of Testing
Test Planning
------------------------

Are tests coordinated and prioritized on the most relevant threat behaviors?

1. None
2. Ad hoc
3. Deliberately planned and scoped, informed by Threat Actor or prioritized TTPs [#f3]_
Expand All @@ -39,6 +43,8 @@ Test Planning
Test Execution
---------------------------------

Does testing cover adversary TTPs in addition to traditional IOCs?

1. None
2. Scanners or other tooling, not threat-focused
3. Commodity tooling, IOC-focused
Expand All @@ -49,6 +55,8 @@ Test Execution
Test Results
---------------------------------

How effectively do test results cause improvements in defensive measures?

1. None
2. Results generated
3. Results generated, leadership interest, actions taken
Expand Down

0 comments on commit 96ef1ba

Please sign in to comment.