Merge pull request #12993 from rudneir2/patch-2
Update map-threats-it-environment.yml - ADO 295085
prmerger-automator[bot] authored Sep 19, 2024
2 parents dcf697b + 05b63a8 commit 13ad988
Showing 2 changed files with 10 additions and 10 deletions.
@@ -1,20 +1,20 @@
[!INCLUDE [header_file](../../../includes/sol-idea-header.md)]

This article explains how to diagram the essential IT environment of your organization and develop a threat map. These diagrams can help you to plan and build your defensive layer of security. Understanding your IT environment and how it's architected is essential to defining the security services that the environment requires for necessary levels of protection.
This article outlines how to diagram your organization's core IT environment and create a threat map. These diagrams are valuable tools for planning and building a robust defensive security layer. Understanding your IT environment and its architecture is crucial for identifying the security services needed to provide adequate protection.

Computer systems contain information that is valuable to the organizations that produce it—and to malicious actors. A malicious actor can be an individual or a group of people who perform malicious acts against a person or organization. Their efforts can cause harm to the computers, devices, systems, and networks of companies. Their goals are to compromise or steal valuable information by using threats like malware or brute force attacks.
Computer systems hold information that is not only valuable to the organizations that generate it but also to malicious actors. These actors, whether individuals or groups, engage in harmful activities aimed at compromising or damaging the computers, devices, systems, and networks of companies. Their goal is often to steal or corrupt sensitive data using threats like malware or brute force attacks.

In this article, we look at a way to map the threats against your IT environment so that you can plan how to use Microsoft security services to implement your security strategy. This is the second article in a series of five articles that are introduced in [Use Azure monitoring to integrate security components](../../guide/security/azure-monitor-integrate-security-components.yml).
In this article, we explore a method for mapping threats to your IT environment, enabling you to plan the implementation of Microsoft security services as part of your security strategy. This is the second article in a series of five, as introduced in the previous installment. [Use Azure monitoring to integrate security components](../../guide/security/azure-monitor-integrate-security-components.yml).

The good news is that you don't need to create a threat map from scratch. The MITRE ATT&CK matrix is a great solution to help you develop a threat map. MITRE ATT&CK is a global knowledge database that maps threats that are based on the tactics and techniques that are observed in the real world. The MITRE Corporation catalogs every threat available and discovers many details of how those threats work and how you can defend against them. It's a public service that you can access online at [MITRE ATT&CK®](https://attack.mitre.org).
The good news is that you dont need to create a threat map from scratch. The MITRE ATT&CK matrix offers an excellent resource to help you develop one. MITRE ATT&CK is a global knowledge base that maps real-world threats based on observed tactics and techniques. The MITRE Corporation documents every known threat in detail, providing valuable insights into how these threats operate and how you can defend against them. This publicly accessible resource is available online at MITRE ATT&CK®.

This article uses a subset of those threats to present an example of how you could map threats against your IT environment.
In this article, we use a subset of these threats to illustrate how you can map threats to your IT environment.

## Potential use cases

Some threats are widespread regardless of the industry segment, such as ransomware, DDoS attacks, cross-site scripting, SQL injection, and so on. However, some organizations have concerns about specific types of threats that are particular to their industry or that were the basis of cyber-attacks that they've experienced. The diagram presented in this article can help you map such threats for your organization according to the area that malicious actors are likely to attack. Developing a threat map helps you to plan the layers of defense that are necessary to have a more secure environment.
Some threats are common across all industries, such as ransomware, DDoS attacks, cross-site scripting, and SQL injection. However, many organizations face specific threats unique to their industry or based on past cyberattacks theyve encountered. The diagram in this article can help you map those threats for your organization by identifying the areas most likely to be targeted by malicious actors. Creating a threat map enables you to plan the necessary defense layers for a more secure environment.

You can use this diagram with different combinations of attacks to understand how to avoid and mitigate those attacks. You don't necessarily need to use the MITRE ATT&CK framework. The framework is only an example. Microsoft Sentinel, and other Microsoft security services, have worked with MITRE to provide insightful information regarding threats.
You can adapt this diagram to model different combinations of attacks and better understand how to prevent and mitigate them. While the MITRE ATT&CK framework is a useful reference, it’s not required. Microsoft Sentinel and other Microsoft security services also collaborate with MITRE to provide valuable insights into various threats.

Some organizations use Cyber Kill Chain®, a methodology from Lockheed Martin, to map and understand how an attack or a series of attacks are performed against an IT environment. Cyber Kill Chain organizes threats and attacks by considering fewer tactics and techniques than the MITRE ATT&CK framework. Still, it's effective in helping you to understand threats and how they might be executed. For more information about this methodology, see [Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html).
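Review bot: the rewritten series sentence ("This is the second article in a series of five, as introduced in the previous installment. [Use Azure monitoring to integrate security components](...)") puts a full stop before the link, so the link is left dangling as a sentence fragment; the old text kept it inside the sentence ("introduced in [Use Azure monitoring to integrate security components](../../guide/security/azure-monitor-integrate-security-components.yml)"), and the new version should do the same, for example "...a series of five, as introduced in [Use Azure monitoring to integrate security components](../../guide/security/azure-monitor-integrate-security-components.yml)." Two further points in this hunk: the new "you dont need to create a threat map" and "past cyberattacks theyve encountered" have lost their apostrophes (the old lines read "don't" and "they've"), and the closing "available online at MITRE ATT&CK®" has dropped the `[MITRE ATT&CK®](https://attack.mitre.org)` link the old line carried, so the reader no longer gets the URL. Minor style: "it’s not required" uses a curly apostrophe while the rest of the file uses straight ones.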

@@ -111,7 +111,7 @@ The example architecture in this article uses the following Azure components:

Principal author:

- [Rudnei Oliveira](https://www.linkedin.com/in/rudnei-oliveira-69443523/) | Senior Customer Engineer
- [Rudnei Oliveira](https://www.linkedin.com/in/rudnei-oliveira-69443523/) | Senior Azure Security Engineer

Other contributors:

4 changes: 2 additions & 2 deletions docs/solution-ideas/articles/map-threats-it-environment.yml
@@ -2,11 +2,11 @@
metadata:
title: Map threats to your IT environment
titleSuffix: Azure Architecture Center
description: Diagram the IT environment of your organization and develop a threat map to plan and build your defensive layer of security. This article is part of a series.
description: Diagram the IT environment of your organization and develop a threat map to plan and build your defensive layer of security. This article is the second in a part of a series.
author: rudneir2
ms.author: ruolivei
ms.custom: fcp
ms.date: 10/10/2022
ms.date: 9/18/2024
ms.topic: solution-idea
ms.service: azure-architecture-center
ms.subservice: solution-idea
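Review bot: the new description ends with "This article is the second in a part of a series.", which is ungrammatical ("the second in a part of a series"); suggest "This article is the second in a series." Also, ms.date moves from the zero-padded "10/10/2022" form to "9/18/2024"; if the repo's metadata convention is MM/DD/YYYY, "09/18/2024" keeps it consistent.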

0 comments on commit 13ad988