Different options or categories for Impact

Question

Different options or categories for Impact

vaq130 opened this issue 2 years ago · 3 comments

Under tactic, there is the Impact option. There should be multiple options for impact as the impact could be an audit failure, or a compliance violation, etc.

Answer 1 · 2023-03-03T10:36:30.000Z

I agree. I think we should be taking this into consideration when we will create attack "stories" (not sure about the name)

Answer 2 · 2023-03-08T01:29:32.000Z

@vaq130 I wonder if the impact option would come under technique or procedure rather than tactic -> tactics are fairly high level in the framework (being aligned to ATT&CK).

Also, do you envision this as closed list of options or more free text type attribute?

Answer 3 · 2023-03-19T18:15:55.000Z

Sorry for the delay. I agree "impact" is not a true tactic, but is more of a procedure. I do not think this should be a closed set of options. There should be some good examples, but as this framework evolves, we want it to have broader applicability as the landscape and potential impact grows.