Development and operations a practical guide



Date: 11.02.2023
1 Joe Vest, James Tubberville Red Team Development and Operations
Comparison Summary

| Method | Description | Goal in Terms of Risk |
|---|---|---|
| Penetration Test | An attack against a system, network, or application designed to identify and measure risks associated with the exploitation of a target’s attack surface. Think: Attack path validation | Attack surface reduction |
| Vulnerability Assessment | An assessment used to identify the adequacy of security measures, identify security deficiencies, and confirm the mitigations are in place with the goal of reducing a target’s attack surface. Think: Flaw identification | Attack surface reduction |
| Red Team Engagement | The process of using Tactics, Techniques, and Procedures (TTPs) to emulate a real-world threat with the goals of training or measuring the effectiveness of the people, processes, and technology used to defend an environment. Think: Measure security operation’s capabilities as a whole | Training and measuring the effectiveness of the people, processes, and technology (security operations) |


Red Teaming Organizations
The NIST has provided general guidance in the form of the Cybersecurity Framework [11] for improving critical infrastructure cybersecurity. This framework provides a common taxonomy and mechanism for organizations to:
1. Describe their current cybersecurity posture
2. Describe their target state for cybersecurity
3. Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
4. Assess progress toward the target state
5. Communicate among internal and external stakeholders about cybersecurity risk
This framework presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The framework core consists of five concurrent and continuous functions: Identify, Protect, Detect, Respond, Recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk. The framework core identifies underlying key categories and subcategories for each function. It matches them with example informative references, such as existing standards, guidelines, and practices for each subcategory. For more details, visit https://www.nist.gov/cyberframework/cybersecurity-framework-faqs-framework-components.
In terms of Red Teaming, this document focuses on how Red Teaming can be used by an organization to understand its ability to Identify, Protect, Detect, Respond, and Recover against a threat. These categories are where we in the security industry should focus. Detection and response capabilities are vital and arguably the point of security operations.
