tactic-vocab
============

**Access** (1)

    Insider uses an organizational account or access path to take an action related to the incident

**Recruitment** (2)

    Insider recruits or is recruited by others

**Financial Transaction** (3)

    Insider or colluding outsider makes a financial transaction related to the incident

**Malware** (4)

    Malicious software is used

**Malicous Action** (5)

    An intentionally malicious action not included in the other tactics

**Concealment** (6)

    Insider or colluding outsider takes an action that conceals or attempts to conceal their activity

**Data Exfiltration** (7)

    Data (or copies of data) is removed from the organization without permission or explicitly against permission to use in an unauthorized way

**Data Impact** (8)

    Harmful action involving the organization's data which compromises the organization in some way

**Safety Impact** (9)

    Harmful action involving the organization's personnel that compromises the safety of one or more individuals in the organization