Blue / Red Team Review
So you’ve plotted a path through all of the cyber advice you have been given and you’ve convinced yourself that, as far as cyber is concerned, you are within your organisational risk tolerance.
What now?
A Live Performance is always made better by a Dress Rehearsal
We advise the following:
- PLAN: Always assume that you will be attacked / subverted. Co-ordinate your senior stakeholders and collectively come up with a number of misuse cases. These are realistic scenarios of how an attack / incident may happen. The scenarios may cover electronic attack, bona fide user subversion, GDPR / DPA breach (including notification), key supply chain subversion, environmental incident or other, depending on your business.
- DO: Execute the misuse case as realistically as possible, in a benign environment. Make every effort to use your own staff in this exercise, and use separate independent observers – no one knows your business better than you. React to the misuse case according to your developed processes.
- CHECK: Measure the performance of the misuse case handling, identify areas for improvement and gain agreement from your stakeholders – it is important to maintain efficacy whilst gaining maximum effect vs spend.
- ACT: Implement the observations.
Nuggets:
- Be aware of all Security Domains when considering response and improvements (Physical, Personnel, Process and Technical).
- Be aware of your own approach to Risk Management (Appetite, Mitigation Approach).
- Include all of your key business processes and supply chain – insourced or outsourced – in the scrutiny.
- Repeat the exercise regularly – this should become second nature; fidelity will increase the more times this is done. Misuse cases should evolve / change the more times the exercise is executed.
- Ownership of this iterative approach should remain vested in your company and should have the full support of the board – use external consultants wisely – skills and knowledge transfer is key.
The cyber threat is agile and fast moving.