Different options or categories for Impact
vaq130 opened this issue · 3 comments
vaq130 commented
Under tactic, there is the Impact option. There should be multiple options for impact as the impact could be an audit failure, or a compliance violation, etc.
rubtoa commented
I agree. I think we should be taking this into consideration when we will create attack "stories" (not sure about the name)
NaorPenso commented
vaq130 commented
Sorry for the delay. I agree "impact" is not a true tactic, but is more of a procedure. I do not think this should be a closed set of options. There should be some good examples, but as this framework evolves, we want it to have broader applicability as the landscape and potential impact grows.