mirror of
https://github.com/adulau/foo.be.git
synced 2024-11-22 01:37:05 +00:00
chg: [blog] old draft about cyber security exercises merged
This commit is contained in:
parent
d92bcb40a3
commit
3acad41123
GPG key ID:
09E2CD4944E6CBCD
1 changed files with 41 additions and 0 deletions
41
_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md
Executable file
41
_posts/2017-11-30-Cybersecurity-Exercises-and-Reality.md
Executable file
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
layout: post
|
||||||
|
title: "Cyber Security Exercises and Reality"
|
||||||
|
date: 2017-11-30 18:52:21
|
||||||
|
categories: infosec
|
||||||
|
---
|
||||||
|
|
||||||
|
# Cybersecurity Exercises and The Reality
|
||||||
|
|
||||||
|
Alexandre Dulaunoy <a@foo.be>
|
||||||
|
|
||||||
|
*version 0.1 - 2017-11-30*
|
||||||
|
|
||||||
|
When you are facing a potential threat, the most difficult aspect is to understand what you are fighting against.
|
||||||
|
Evaluating a threat in information security is a complex aspect especially when you have no simple ways
|
||||||
|
to scale the threat and know if you have the organisational and technical capabilities to respond to such threat.
|
||||||
|
|
||||||
|
In the past years, many cyber security exercises appear at local, national or international levels with the aim
|
||||||
|
to improve the capabilities at organisational or/and technical levels. There are many different organisations
|
||||||
|
involved in such exercise and there are many models depending of their respective focus. After being involved
|
||||||
|
in many of those (including designing or/and playing), I compiled my thoughts and especially the shortcomings
|
||||||
|
in such approach. The idea behind this series of notes is to improve such exercise or experiment other approaches.
|
||||||
|
|
||||||
|
# Synthetic information/evidences
|
||||||
|
- Synthetic information or evidences
|
||||||
|
- The aim is often limited to solve one or more challenges
|
||||||
|
|
||||||
|
# Reducing operational security aspects to simple games
|
||||||
|
|
||||||
|
A critical issue in my eyes with cyber security exercises is the over simplification of cyber security threats at a level
|
||||||
|
which make these understandable for the political or non-operational managerial level. There are some significant
|
||||||
|
risks to reduce complexity of the reality. When operational security teams face real and concrete incidents, their
|
||||||
|
work can be seen as like solving a challenge. In incident response, it's quite common to face complex topics,
|
||||||
|
with different contexts and ultimately being incapable to reach a complete solution of the analysis from partial evidences,
|
||||||
|
multi-compromised infrastructures.
|
||||||
|
|
||||||
|
- Resources and allocation
|
||||||
|
- Outcomes and how results are integrated in operational security
|
||||||
|
|
||||||
|
# References
|
||||||
|
|
||||||
Loading…
Reference in a new issue