Commit bbdf25b

updates
1 parent 9284373 commit bbdf25b

1 file changed

+1
-1
lines changed

exposure-management/predefined-classification-rules-and-levels.md

Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ Current asset types are:
3030
| Microsoft Entra ID Connect | Device | Medium | The Microsoft Entra ID Connect (formerly known as AAD Connect) server is responsible for syncing on-premises directory data and passwords to the Microsoft Entra ID tenant. | A compromised Microsoft Entra ID Connect server could result in the entire domain being compromised. An attacker might steal the credentials of synchronized users to execute lateral movements and gain unauthorized access to resources within the network. |
3131
| ADCS | Device | Medium | ADCS server allows administrators to fully implement a public key infrastructure (PKI) and issue digital certificates that can be used to secure multiple resources on a network. Moreover, ADCS can be used for various security solutions, such as SSL encryption, user authentication, and secure email. | A compromised ADCS server can lead to the compromise of both domain users and servers. An attacker with access to ADCS can execute various attacks, such as manipulating misconfigured templates to impersonate highly privileged users. Mercur |
3232
| ADFS | Device | High | ADFS server provides users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity. | A compromised ADFS server can result in credential theft and token manipulation related attacks. If an attacker gains access to the ADFS certificate's private key, they can impersonate users, thereby gaining unauthorized access to resources. |
33-
| Backup | Device | Medium | Backup server os responsible for safeguarding data through regular backups, ensuring data protection and disaster recovery readiness. | A compromised backup server can result in the compromise of an organization's sensitive data. An attacker with access to the backup server can access backup files of critical services to export data or even encrypt them. |
33+
| Backup | Device | Medium | Backup server is responsible for safeguarding data through regular backups, ensuring data protection and disaster recovery readiness. | A compromised backup server can result in the compromise of an organization's sensitive data. An attacker with access to the backup server can access backup files of critical services to export data or even encrypt them. |
3434
| Domain Admin Machines | Device | High | Domain admin machines are machines that one or more of the domain admins are frequently logged into. These devices are likely to store related files, documents, and credentials used by the domain admins. | A compromised device with domain admin privileges can lead to the compromise of the entire domain. An attacker might steal cached credentials from domain admin devices to perform lateral movement within the network. |
3535
| Domain Controller | Device | High | Domain controller server is responsible for user authentication, authorization, and centralized management of network resources within an active directory domain. | A compromised domain controller can have severe impacts on an organization. It could potentially allow an attacker to gain control over the entire IT infrastructure and gain access to every resource within the network. |
3636
| Exchange | Device | Medium | Exchange server is responsible for all the mail traffic within the organization. Depending on the setup and architecture, each server might hold several mail databases that store highly sensitive organizational information. | A compromised Exchange server can lead to the theft of an organization's sensitive mail data or even result in the encryption of the entire mail system. Additionally, an Exchange server has control over active directory objects. If these are manipulated by an attacker, it could compromise the active directory. |
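
Review bot: The ADCS row kept as context (file line 31) ends with a stray "Mercur" fragment after "impersonate highly privileged users.", and this typo fix leaves it in the risk column; remove it in the same change. The corrected Backup row on line 33 now reads "Backup server is responsible", and the Domain Controller and Exchange rows write "active directory" in lower case where the product name Active Directory is meant; a leading article ("The backup server is ...") and the capitalised product name would match the Microsoft Entra ID Connect row. The commit message "updates" does not say what changed; a message such as "Fix typo in Backup row description" would make the history easier to search.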
