Development and operations a practical guide
Download 4.62 Mb. View original pdf
|
- Navigate this page:
- Think: Attack path validation
- Think: Flaw identification
- Think: Measure security operation’s capabilities as a whole
| Comparison Summary Method Description Goal in Terms of Risk Penetration Test An attack against a system, network, or application designed to identify and measure risks associated with the exploitation of a target’s attack surface. Think: Attack path validation Attack surface reduction Vulnerability Assessment An assessment used to identify the adequacy of security measures, identify security deficiencies, and confirm the mitigations are in place with the goal of reducing a target’s attack surface Think: Flaw identification Attack surface reduction Red Team Engagement The process of using Tactics, Techniques, and Procedures (TTPs) to emulate a real-world threat with the goals of training or measuring the effectiveness of the people, processes, and technology used to defend an environment. Think: Measure security operation’s capabilities as a whole Training and measuring the effectiveness of the people, processes, and technology (security operations) Red Teaming Organizations The NIST has provided general guidance in the form of the Cybersecurity Framework [11] for improving critical infrastructure cybersecurity. This framework provides a common taxonomy and mechanism for organizations to. Describe their current cybersecurity posture. Describe their target state for cybersecurity 3. Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process. Assess progress toward the target state. Communicate among internal and external stakeholders about cybersecurity risk This framework presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The framework core consists of five concurrent and continuous functions Identify, Protect, Detect, Respond, Recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk. The framework core identifies underlying key categories and subcategories for each function. It matches them with example informative references, such as existing standards, guidelines, and practices for each subcategory. For more details, visit https://www.nist.gov/cyberframework/cybersecurity-framework-faqs-framework-components. In terms of Red Teaming, this document focuses on how Red Teaming can be used by an organization to understand its ability to Identify, Protect, Detect, Respond, and Recover against a threat. These categories are where we in the security industry should focus. Detection and response capabilities are vital and arguably the point of a security operations. Download 4.62 Mb. Share with your friends:
|