diff --git a/_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md b/_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md new file mode 100755 index 0000000..9e82ea1 --- /dev/null +++ b/_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md 
@@ -0,0 +1,41 @@ +--- +layout: post +title: "Cyber Security Exercises and Reality" +date: 2017-11-30 18:52:21 +categories: infosec +--- + +# Cybersecurity Exercises and The Reality + +Alexandre Dulaunoy + +*version 0.1 - 2017-11-30* + +When you are facing a potential threat, the most difficult aspect is to understand what you are fighting against. +Evaluating a threat in information security is a complex aspect especially when you have no simple ways +to scale the threat and know if you have the organisational and technical capabilities to respond to such threat. + +In the past years, many cyber security exercises appear at local, national or international levels with the aim +to improve the capabilities at organisational or/and technical levels. There are many different organisations +involved in such exercise and there are many models depending of their respective focus. After being involved +in many of those (including designing or/and playing), I compiled my thoughts and especially the shortcomings +in such approach. The idea behind this series of notes is to improve such exercise or experiment other approaches. + +# Synthetic information/evidences +- Synthetic information or evidences +- The aim is often limited to solve one or more challenges + +# Reducing operational security aspects to simple games + +A critical issue in my eyes with cyber security exercises is the over simplification of cyber security threats at a level +which make these understandable for the political or non-operational managerial level. There are some significant +risks to reduce complexity of the reality. When operational security teams face real and concrete incidents, their +work can be seen as like solving a challenge. In incident response, it's quite common to face complex topics, +with different contexts and ultimately being incapable to reach a complete solution of the analysis from partial evidences, +multi-compromised infrastructures. 
+ +- Resources and allocation +- Outcomes and how results are integrated in operational security + +# References +
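Review bot: the post as committed ends in outline stubs: the bullets `- Resources and allocation` and `- Outcomes and how results are integrated in operational security` sit under no heading, and `# References` has no entries; either write these sections out or keep the file in Jekyll's `_drafts/` until they are done. Smaller points in the same hunk: `# Synthetic information/evidences` is followed by a bullet that only repeats the heading; the front matter already sets `title`, so the in-body `# Cybersecurity Exercises and The Reality` renders a second top-level heading and the section headings would normally be `##`; "evidences" should read "evidence" throughout; "depending of their respective focus" should read "depending on"; and `new file mode 100755` marks a Markdown post executable, where 100644 is the conventional mode.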