Development and Operations: A Practical Guide



Date: 11.02.2023
Joe Vest, James Tubberville: Red Team Development and Operations
Log Completion Checklist

Ensure completion of all operator logs

Ensure consolidation of all logs

Ensure consolidation of data collected automatically

Ensure consolidation of target data

Red Team Lead review and acceptance

Archive (Tar/Zip) and hash all data
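
One way to carry out the final checklist item, added here as an example and not taken from the book: two Bash functions that write a per-file SHA-256 manifest, archive the consolidated directory, hash the archive, and later verify both. The directory layout and the function names are assumptions; GNU tar, find, and sha256sum are required.

```bash
#!/usr/bin/env bash
# Added example: archive and hash a consolidated engagement directory.
# Assumed layout (hypothetical): SRC holds operator_logs/, auto_collected/, target_data/.
# Usage: archive_engagement ./engagement ./archive engagement_name

# Write OUT/NAME.tar.gz plus OUT/NAME.tar.gz.sha256 and print the archive path.
archive_engagement() {
    local src=$1 out=$2 name=$3
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$out" || return 1
    # Per-file manifest travels inside the archive so single files can be
    # re-checked after extraction; sorted so reruns give the same manifest.
    ( cd "$src" &&
      find . -type f ! -name MANIFEST.sha256 -print0 | sort -z |
        xargs -0 -r sha256sum > MANIFEST.sha256 ) || return 1
    tar -czf "$out/$name.tar.gz" -C "$src" . || return 1
    # Hash of the archive itself, kept beside it.
    ( cd "$out" && sha256sum "$name.tar.gz" > "$name.tar.gz.sha256" ) || return 1
    printf '%s\n' "$out/$name.tar.gz"
}

# Return 0 only if the archive hash and every file in the manifest match.
verify_engagement() {
    local archive=$1 tmp rc=0
    ( cd "$(dirname "$archive")" &&
      sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1 ) || return 1
    tmp=$(mktemp -d) || return 1
    { tar -xzf "$archive" -C "$tmp" &&
      ( cd "$tmp" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 ); } || rc=1
    rm -rf "$tmp"
    return "$rc"
}
```
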


Pre-Report Briefings
It is recommended to perform a closeout brief following the final day of the engagement. This brief will likely not include much of the detail in the final report; however, it should allow the Red Team to provide the target with a high-level overview of the access gained correlated to the significant observations of the engagement, general feedback, and general recommendations.
Executive Outbrief
At the end of an engagement's execution, a target organization typically needs (and often warrants) a summary of the event. Waiting for a final report can keep the target out of the loop for too long. If logging and data collection were performed correctly (as they should have been), this would not be a difficult task.
The first post-engagement meeting is usually the executive outbrief. An executive brief is typically performed soon after execution completes (within one or two days following execution). This meeting is tailored toward management and should include key personnel from the target organization. This meeting should not only include information security management but organizational management as well. The outcome of a Red Team engagement may impact how an organization operates in the future, potentially requiring funding to pursue mitigations or staffing modifications. Management awareness and buy-in are critical if Red Team results will be used to improve an organization's security stance to defend and respond to a threat.
The executive outbrief should focus on the big picture of the event and is best portrayed as a chronological story of critical steps and observations. The story and actions will become the attack narrative in the final report. At this point, the final report and analysis are not complete, but management is looking for quick answers. If obvious issues were identified, they could be highlighted in the brief. It should be pointed out that the final report may contain observations that will not be discovered until all information has been analyzed.
Consider This
Most executive suites and senior managers aren’t as interested in the technical details of the engagement. They are more commonly interested in the impacts to business functions, production, and reputation.
Attempt to correlate each major action or milestone to the business aspects impacted. If possible, estimating total costs (including lost revenue, time, remediation, capability, etc.) facilitates executive understanding of the impacts and reinforces interaction.
