Red Team Development and Operations: A Practical Guide
Joe Vest, James Tubberville
Focus Point
Test environments rarely model production to the level where operational impacts are felt. The technologies may match, but the people and processes typically do not.
Focusing on only the test environment can lead to an unrealistic view of how the impact affects an organization.
Buy-in from management for permission to perform operational impacts can be very difficult to obtain. If an organization is highly risk-averse, these impacts may seem too costly or dangerous. Organizations that expose their systems to a full-scale attack that includes operational impacts will definitely feel the pain. However, detailed planning and execution limit real-world impacts, manage potential risks, identify gaps in both security and operations, and provide extremely valuable lessons learned to all stakeholders.


Deconfliction
Deconfliction is the ability to identify which activity is generated by the Red Team and which is not.
In general, Deconfliction:
Separates Red Team activity from real-world activity
Requires prior coordination through a deconfliction process
Mandates Red Team receipt of incident-specific defensive logs
Is not to be used as a Red Team identification process
Requires all detected incidents, whether real-world or alleged Red Team activity, to be reported immediately using normal incident reporting processes
May require the White Cell POC to contact the Red Team’s POC to determine if discovered activities are the result of the Red Team
It is critical for personnel at all levels of the engagement to be able to quickly and correctly distinguish Red Team activity from real-world attacks. Several factors can reduce confusion and the spread of misinformation; however, these four simple actions go a long way in the deconfliction process:
Ensuring Trusted Agents/White Cell understand the actions and impacts of activities as they occur
Ensuring all Operator Logs (OPLOGS) are accurately and thoroughly completed
Providing OPLOGS and activity lists to the ECG as requested
Exchanging periodic Situation Reports with the White Cell
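The following is an added example, not code from the book, showing what a White Cell deconfliction check looks like once OPLOGs are complete: a reported incident is matched against operator log entries on source, target and time, and anything that does not match stays "unattributed" (treated as real-world) until the Red Team POC confirms otherwise. The OPLOG field set, the matching rule, the five-minute slack for clock skew and logging delay, and all sample records are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class OplogEntry:
    """One operator log line. The field set is an assumption, not the book's OPLOG template."""
    start: datetime   # when the operator began the action
    end: datetime     # when the action finished
    operator: str
    source: str       # Red Team infrastructure the action originated from
    target: str       # host, account or service acted on
    action: str       # what was done, detailed enough to recognise it in a defensive alert


@dataclass(frozen=True)
class Incident:
    """A detection the Blue Team reported through the normal incident process."""
    observed: datetime
    source: str
    target: str
    description: str


def ts(s: str) -> datetime:
    """Parse an ISO-8601 timestamp that carries an explicit UTC offset."""
    return datetime.fromisoformat(s)


# Constructed sample OPLOG (documentation IP range, made-up hostnames).
OPLOG: List[OplogEntry] = [
    OplogEntry(ts("2023-02-10T14:02:00+00:00"), ts("2023-02-10T14:05:30+00:00"),
               "op1", "203.0.113.10", "WKS-0142", "initial access: phishing payload executed"),
    OplogEntry(ts("2023-02-10T15:30:00+00:00"), ts("2023-02-10T15:31:00+00:00"),
               "op2", "203.0.113.10", "FS-01", "SMB share enumeration"),
]

# Constructed incidents passed to the White Cell for deconfliction.
INCIDENTS: List[Incident] = [
    Incident(ts("2023-02-10T15:33:40+00:00"), "203.0.113.10", "FS-01", "share enumeration alert"),
    Incident(ts("2023-02-10T16:10:00+00:00"), "198.51.100.7", "FS-01", "failed logon burst"),
    Incident(ts("2023-02-10T14:04:00+00:00"), "203.0.113.10", "WKS-0199", "suspicious child process"),
]


def deconflict(incident: Incident, oplog: List[OplogEntry],
               slack: timedelta = timedelta(minutes=5)) -> List[OplogEntry]:
    """Return the OPLOG entries that can explain the incident.

    Source and target must both match; the observation time must fall inside the
    action window widened by `slack` to absorb clock skew and sensor/logging delay.
    Matching on time and source alone is deliberately not enough: an operator's
    infrastructure being active says nothing about an unrelated target.
    """
    return [
        e for e in oplog
        if e.source == incident.source
        and e.target == incident.target
        and e.start - slack <= incident.observed <= e.end + slack
    ]


def classify(incident: Incident, oplog: List[OplogEntry] = OPLOG) -> str:
    """RED_TEAM when the logs explain the incident; otherwise UNATTRIBUTED.

    UNATTRIBUTED does not mean "not us"; it means the White Cell must treat the
    activity as real-world and contact the Red Team POC before concluding anything.
    """
    return "RED_TEAM" if deconflict(incident, oplog) else "UNATTRIBUTED"


def run(incidents: List[Incident] = INCIDENTS,
        oplog: List[OplogEntry] = OPLOG) -> Dict[str, str]:
    """Classify every reported incident; keyed by description for readability."""
    return {i.description: classify(i, oplog) for i in incidents}


if __name__ == "__main__":
    for desc, verdict in run().items():
        print(f"{verdict:13} {desc}")
```

The third sample incident is the instructive one: it arrives from Red Team infrastructure during a logged action, yet against a host no operator touched, so it stays unattributed. A log that recorded only "phishing campaign, afternoon" instead of start, end, source and target could not make that distinction, which is why the OPLOG completeness point above matters for deconfliction.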