mirror of
https://github.com/adulau/foo.be.git
synced 2024-12-25 01:46:00 +00:00
chg: [blog] old draft about cyber security exercises merged
This commit is contained in:
parent
d92bcb40a3
commit
3acad41123
1 changed files with 41 additions and 0 deletions
41
_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md
Executable file
41
_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md
Executable file
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
layout: post
|
||||
title: "Cyber Security Exercises and Reality"
|
||||
date: 2017-11-30 18:52:21
|
||||
categories: infosec
|
||||
---
|
||||
|
||||
# Cybersecurity Exercises and The Reality
|
||||
|
||||
Alexandre Dulaunoy <a@foo.be>
|
||||
|
||||
*version 0.1 - 2017-11-30*
|
||||
|
||||
When you are facing a potential threat, the most difficult aspect is to understand what you are fighting against.
|
||||
Evaluating a threat in information security is a complex aspect especially when you have no simple ways
|
||||
to scale the threat and know if you have the organisational and technical capabilities to respond to such threat.
|
||||
|
||||
In the past years, many cyber security exercises appear at local, national or international levels with the aim
|
||||
to improve the capabilities at organisational or/and technical levels. There are many different organisations
|
||||
involved in such exercise and there are many models depending of their respective focus. After being involved
|
||||
in many of those (including designing or/and playing), I compiled my thoughts and especially the shortcomings
|
||||
in such approach. The idea behind this series of notes is to improve such exercise or experiment other approaches.
|
||||
|
||||
# Synthetic information/evidences
|
||||
- Synthetic information or evidences
|
||||
- The aim is often limited to solve one or more challenges
|
||||
|
||||
# Reducing operational security aspects to simple games
|
||||
|
||||
A critical issue in my eyes with cyber security exercises is the over simplification of cyber security threats at a level
|
||||
which make these understandable for the political or non-operational managerial level. There are some significant
|
||||
risks to reduce complexity of the reality. When operational security teams face real and concrete incidents, their
|
||||
work can be seen as like solving a challenge. In incident response, it's quite common to face complex topics,
|
||||
with different contexts and ultimately being incapable to reach a complete solution of the analysis from partial evidences,
|
||||
multi-compromised infrastructures.
|
||||
|
||||
- Resources and allocation
|
||||
- Outcomes and how results are integrated in operational security
|
||||
|
||||
# References
|
||||
|
Loading…
Reference in a new issue