THE BLOG
-
Jan 10, 2022Map your Moves
Our troops do not go into battle without the proper training, knowledge, or practice under their belts. They learn their roles. They practice as a unit. They learn about their opponents. They perform test runs. They plan for all feasible scenarios.
The landscape of security today requires a similar tactic. Not only do security teams need to know their specific roles daily and how to perform during an actual event, but they also need to understand the threats they face, plan for them and perform test simulations. Running through this process during a tabletop exercise helps to avoid delays, gaps, and confusion in the event of an actual incident. Tabletop exercises are not new, but they offer organizations a way to playout a situation and identify any areas missing coverage before an incident occurs.
Here are six tips to get you started with your next Tabletop Exercise:
1. Make it a game with a time limit. Brainstorm, be creative, don't expect to be perfect but box it in. 90-120 minutes is likely long enough.
2. Come up with plausible scenarios. There are no points on the board for coming up with a farfetched, unlikely scenario. Start with the realistic threats and go from there.
3. Get it on the calendar - today! Don't get stuck in the 'we should do it' stage. Schedule it or it won't happen.
4. Get the right people in the room. In small organizations it may be all leaders in the organization. In large organizations it may need to be groups focused into several smaller teams/meetings.
5. Divide and conquer. In a real scenario, tasks would be split up, small groups would work to tackle the incident from various angles. Allow member of the exercise to split up and brainstorm for part of the exercise.
6. Create an after-action plan. What worked? What didn't? What gaps did you identify that you need to work to fill? Write it down and communicate it to the team.If you need support, we are here to help!
-
Nov 10, 2021Backups, Security's Best Friend
Do you have backups in place? Simple yes or no answer, or is it? In the past, backups were not necessarily seen as a security issue, but ransomware changed that. Backups, and the security of those backups, is now more important than ever. Backups have become Information Security's best friend.
But is simply having a backup really the only concern? As security professionals we are asked about backups regularly. Here is our take on the subject:Having backups in place is critical.Having working backups in place is critical.Having frequent backups in place is critical.Having tested backups in place is critical.Having isolated or offline backups in place is critical.Having backups only accessible to the necessary staff is critical.Ensuring there are backups of everything necessary to run your business is critical.Cloud assets, AD, applications... all of these are in scope and should have backups at some level. Multiple copies and retention should also be considered.If we are testing your environment and we can get into your backups, so can a malicious actor, so give them the appropriate level of attention. Make sure resources are put into ensuring that you know what is backed up, the frequency of backups, and how they are secured. Make this part of your Business Continuity planning and testing. Recover and test your backups, regularly. Do not wait for a loss of data to investigate this crucial component of your IT environment.
