Dungeons and Security Incidents
Medium – Christopher Blanco
Security teams talk about ways to practice incident response with a few different methods: mock or simulated exercises, shadowing, tabletop exercises, and so on. Tabletop exercises are among the easiest to perform, as they have the team step through an existing response procedure to test each other's knowledge of what to do and why for a given threat.

Inspiration/Being Too Literal
"HURR HURR TABLETOP IS TABLETOP" is a reasonable approximation to how my brain made the connection between Dungeons and Dragons and tabletop exercises.

The Procedure

Scheduling the First Scenario
The first time you run this, you'll want to bring your whole team together and take part.

Scenario Creation
To come up with an effective training scenario, you'll want to base it on something real and give it a backstory so there's something immersive for the players to work with.

Scenario Execution
These scenarios play very similarly to a session of Dungeons and Dragons. You, the host, are also the Dungeon Master (DM), and the (required) attendees are the players who are on-call to respond to the given scenario. If there are additional members, treat them as an audience who is around to observe and learn from the players. They should remain quiet during the scenario unless the DM calls upon them. They may talk with each other in a side channel; trying to solve the scenario on the side may encourage further engagement.

Advanced Scenario Creation with Threat Modeling
Running low on ideas? Using evidence you have with the threat modeling techniques below can be helpful in creating more realistic scenarios in the future. Note that these are techniques I first learned from SANS' Cyber Threat Intelligence course.

Lessons Learned
Make it a regular activity. Get a scribe. Immediately create action items and track them alongside other work, and incentivize their resolution. Use existing rotations, and extend the scenario with challenge ratings. Use this for onboarding. Consider using it to identify performance gaps without requiring actual incidents. Create some parameters and roll dice. Don't have the domain knowledge for real-time? Make it turn-based.

Being a Good Dungeon Master
Let the players tell the story. Make it real to keep immersion, but don't stop the action for fact-checking. Keep it fun.

Link: https://medium.com/@nowucblanco/dungeons-and-security-incidents-7328c3a51302