diff --git a/docs/index.rst b/docs/index.rst index db9f35f..9bcd593 100644 --- a/docs/index.rst +++ b/docs/index.rst 
@@ -4,31 +4,17 @@ M3TID |version| Background ----------- -Globally, security practitioners, security program leaders, and Board members seek to answer the question “Are we secure?” Our research adds a complementary approach to -answering that question, to be combined with traditional cybersecurity best practices and maturity models. This is a starting point for building an effective Threat-Informed -Defense that enables a data-driven approach to optimizing investments. +Globally, security practitioners, security program leaders, and Board members seek to answer the question “How secure are we?” Our research adds a complementary approach to answering that question, to be combined with traditional cybersecurity best practices and maturity models. This is a starting point for building an effective Threat-Informed Defense that enables a data-driven approach to optimizing investments. -The Center for Threat-Informed Defense (the Center) contends that one of the most impactful ways to manage a security program is to leverage knowledge of cyber threats to -prioritize the allocation of limited resources to reduce overall risk. As risk is the product of probability and impact, it is crucially important to have a thorough knowledge -of actual threat actors, their capabilities, and their typical tactics, techniques, and procedures (TTPs). By understanding the adversary well, an organization can prioritize -their defenses as well as pre-emptively and continuously assess themselves to identify gaps. This enables organizations to shift to a more proactive approach to security, -constantly learning, assessing, and improving their security programs. The goal of this shift is to increase the cost and difficulty for the adversaries. +The Center for Threat-Informed Defense (the Center) contends that one of the most impactful ways to manage a security program is to leverage knowledge of cyber threats to prioritize the allocation of limited resources to reduce overall risk. 
As risk is the product of probability and impact, it is crucially important to have a thorough knowledge of actual threat actors, their capabilities, and their typical tactics, techniques, and procedures (TTPs). By understanding the adversary well, an organization can prioritize their defenses as well as pre-emptively and continuously assess themselves to identify gaps. This enables organizations to shift to a more proactive approach to security, constantly learning, assessing, and improving their security programs. The goal of this shift is to increase the cost and difficulty for the adversaries thereby increasing security. Forcing adversaries to create new tooling, find new vulnerabilities and exploits, and attempt to discover new paths into an organization’s environment drives their cost in manpower, infrastructure, and time. It also forces them to restart their attack lifecycle, creating additional opportunities for detection and response. The ultimate goal is to create a situation such that attacking is so costly and/or so difficult that it is no longer reasonable for the adversary to attack The M3TID Project ----------------- -The Measure, Maximize, Mature Threat-Informed Defense (M3TID) project extends this concept of leveraging Threat understanding to improve a security program by working towards -an actionable definition of Threat-Informed Defense and its associated key activities. The M3TID project is based on the hypothesis that applying Threat-Informed Defense will -improve the efficiency of a security program and reduce organizational risk. The project captures insights and best practices for what it means to be Threat-Informed across a -Security Program, expanding the Dimensions of Threat-Informed Defense into key components that organizations should implement. For each of these components, the M3TID project -will define discrete levels reflecting implementations of that component from least-to-most threat-informed. 
- -The intent of the M3TID project is that organizations, from security practitioners to executive leaders, will be able to leverage this measurement framework to better assess -and understand their current position in terms of a Threat-Informed Defense security program. With this model, the Center can develop a Roadmap to guide key next steps or -investments to help organizations improve their level of Threat-Informed Defense. With this first framework for measuring the degree to which threat information is guiding -security practices, the Center can start to gather the data needed to refine the model to reflect the relative importance of each of these components in contributing to -bottom-line cyber risk reduction. +The Measure, Maximize, Mature Threat-Informed Defense (M3TID) project extends this concept of leveraging Threat understanding to improve a security program by working towards an actionable definition of Threat-Informed Defense (TID) and its associated key activities. The M3TID project is based on the hypothesis that applying Threat-Informed Defense will improve the efficiency of a security program and reduce organizational risk. The project captures insights and best practices for what it means to be threat-informed across a security program, expanding the dimensions of Threat-Informed Defense into key components that organizations should implement. For each of these components, the M3TID project defines discrete levels reflecting implementations of that component from least-to-most threat-informed. + +The intent of the M3TID project is that organizations, from security practitioners to executive leaders, will be able to leverage this measurement framework to better assess and understand their current position in terms of a Threat-Informed Defense security program. 
With this first framework for measuring the degree to which threat information is guiding security practices, the Center can start to gather the data needed to refine the model to reflect the relative importance of each of these components in contributing to bottom-line cyber risk reduction. .. toctree::
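Review bot: The sentence added at the end of the Background paragraph, "...it is no longer reasonable for the adversary to attack", has no terminal period before the "The M3TID Project" heading, and the extended sentence earlier in that paragraph needs a comma in "for the adversaries thereby increasing security"; suggest "for the adversaries, thereby increasing security." and a closing period on the final sentence. The rewrite of the last M3TID paragraph also drops the old sentence beginning "With this model, the Center can develop a Roadmap to guide key next steps or investments" without a replacement; if that removal is intentional it is worth stating in the change description, otherwise restore the sentence. Capitalization is only partly normalized: "Security Program" and "Dimensions" were lowercased, but "Threat understanding" in the first M3TID sentence is still capitalized. The new "(TID)" abbreviation is defined, yet the sentences that follow in this hunk keep spelling out "Threat-Informed Defense", so either use the abbreviation or leave it out here.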