"Know your enemy and know yourself, and you will win a hundred battles." - Sun Tzu, The Art of War
The man and his work are legend, and for good reason.
Inspired by the sage, I've explored this concept and applied his theories at some of today's largest companies. And if you've heard me speak or read anything I've written in the last few years, you'll recognize the following question, which restates the above stratagem in modern cyber-security parlance: Do you know how, with what resources, and where you will direct your incident response team when an active attack has been detected against your organization?
Short shrift is being paid to the basic task of understanding one's own attack mitigation and response capabilities. We all finally agree that it's a matter of when and not if we are going to experience a breach. So, even if we know our threat horizon well, no security technology, architecture, practice or policy, at least today and within my lifetime, will ever be fully resistant to cyber-attacks.
Knowing this, isn't it paramount to fully understand exactly what your organization should be doing when under active attack?
What I believe is commonly missing from Incident Response planning is a way to provide tactical guidance once an attack is underway on who should be responding, what activities should be prioritized, what tools should be used, and most importantly, what specific defensive capabilities are going to be most effective against the specific type of attack being experienced.
Fighting a cyber-attack without knowing your own response capabilities is comparable to sending a field general out to command an army without telling the commander what weapons his troops have, how well they can use them, or what weapons the enemy will bring to the battle. The corollary is that many activities carried out in a standard, well-constructed IR plan may have little or no effect on stopping the attack and the associated damage, because specific, appropriate responses cannot be prescribed a priori for a future attack.