Security Practices: Training and Risk Evaluation - Paiet/Tech-Journal-for-Everything GitHub Wiki
Training and exercises

Red team
- They act as the attackers
- Look for real-world vulnerabilities to exploit

Blue team
- Act as the defenders
- Do their best to secure the environment and look for IoCs (indicators of compromise)

Purple team

White team
- The "referee"
- Makes sure that each team stays within the parameters of the exercise
- May also establish the rules of the exercise
- Performs post-exercise evaluations
  - Lessons learned
  - Post-engagement assessment

Hunt team
- Focused on discovering APTs (advanced persistent threats)

Bug bounty
- Uses the hacking community as a resource to discover vulnerabilities

Risk evaluation

Technical control review
- What systems, devices, software, and/or settings do we have in place to bolster CIA (confidentiality, integrity, availability) requirements?
  - NAC (network access control)
  - Endpoint security software
  - AV (antivirus)
  - Firewalls
  - HIDS/NIDS (host- and network-based intrusion detection systems)

Operational control review
- Controls, practices, and procedures that bolster cybersecurity
  - Pentesting
  - Compliance testing
  - Code review
  - Best practices
  - End-user security awareness training

Technical impact and likelihood
- Use a risk matrix (likelihood against impact) to determine overall risk ratings
  - High
  - Medium
  - Low
- (Diagram: Risk Matrix)
- This is a "qualitative" risk assessment process