From 96ef1ba5d0b58945267f2f73312e9d882eb13a36 Mon Sep 17 00:00:00 2001 From: Ivy Oeltjenbruns <38511035+blackwidow0616@users.noreply.github.com> Date: Tue, 13 Feb 2024 15:18:47 -0600 Subject: [PATCH] Update tne.rst Feedback Updates --- docs/components/tne.rst | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/components/tne.rst b/docs/components/tne.rst index 7b7524d..2dd3d6b 100644 --- a/docs/components/tne.rst +++ b/docs/components/tne.rst @@ -2,13 +2,13 @@ Test & Evaluation ================== -This section outlines the key components that have been identified for the Test & Evaluation dimension as well as maturity levels within the components. These components and -levels form the basis for assessing how threat informed an organization’s T&E program is. This assessment can be conducted using the companion spreadsheet published with this -white paper. +This section outlines the key components that have been identified for the Test & Evaluation dimension as well as maturity levels within the components. These components and levels form the basis for assessing how threat informed an organization’s T&E program is. This assessment can be conducted using the companion spreadsheet published with this white paper. Type of Testing ---------------- +Are cybersecurity tests focused on helping defenders improve against prioritized threats? + 1. None 2. Security Control / Risk Assessment (reactive, compliance-focused) 3. Vulnerability Assessment / Penetration Test (reactive, threat-focused) @@ -19,6 +19,8 @@ Type of Testing Frequency of Testing ----------------------------- +Do your tests keep pace with changing adversaries and defended technologies? + 1. None 2. Annual 3. Semi-Annual 
@@ -29,6 +31,8 @@ Frequency of Testing Test Planning ------------------------ +Are tests coordinated and prioritized on the most relevant threat behaviors? + 1. None 2. Ad hoc 3. Deliberately planned and scoped, informed by Threat Actor or prioritized TTPs [#f3]_ @@ -39,6 +43,8 @@ Test Planning Test Execution --------------------------------- +Does testing cover adversary TTPs in addition to traditional IOCs? + 1. None 2. Scanners or other tooling, not threat-focused 3. Commodity tooling, IOC-focused @@ -49,6 +55,8 @@ Test Execution Test Results --------------------------------- +How effectively do test results cause improvements in defensive measures? + 1. None 2. Results generated 3. Results generated, leadership interest, actions taken
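Review bot: In the first hunk (@@ -2,13 +2,13 @@), the rejoined intro paragraph still reads "how threat informed an organization's T&E program is". Since that line is being rewritten anyway, hyphenate the compound modifier as "threat-informed". The hunk also combines a pure line reflow of the intro with a content addition under Type of Testing, so the three deleted lines look like a wording change when they are not. Consider putting the reflow in its own commit, and giving the commit a subject that says what feedback was addressed rather than "Update tne.rst".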
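Review bot: In the Frequency of Testing hunk (@@ -19,6 +19,8 @@), the added question "Do your tests keep pace with changing adversaries and defended technologies?" is the only one of the five new questions written in the second person. The others use an impersonal subject ("Are cybersecurity tests", "Are tests", "Does testing", "do test results"). Suggest "Do tests keep pace with changing adversaries and defended technologies?" so the component prompts read consistently.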
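Review bot: In the Test Planning hunk (@@ -29,6 +31,8 @@), "prioritized on the most relevant threat behaviors" is awkward, and it uses "threat behaviors" where level 3 just below says "informed by Threat Actor or prioritized TTPs". Suggest matching the vocabulary of the levels, for example "Are tests coordinated and prioritized according to the most relevant adversary TTPs?", so the question and the scale it introduces use the same term.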
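Review bot: In the Test Execution hunk (@@ -39,6 +43,8 @@), "Does testing cover adversary TTPs in addition to traditional IOCs?" is a yes/no question placed directly above an ordered scale that starts at "1. None", so a reader scoring the component cannot map a yes or no answer onto a level. Suggest phrasing it as a matter of degree, for example "To what extent does testing cover adversary TTPs in addition to traditional IOCs?". The Test Results question in the last hunk ("How effectively do test results cause improvements in defensive measures?") already has that form, and the Type of Testing, Frequency of Testing and Test Planning questions would benefit from the same treatment.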