Cyber Risks and the Attack Life Cycle
Preparing to handle incidents requires thoughtful planning—planning beyond creating an incident response plan, playbooks and annual or semiannual testing. With limited time and resources, it makes sense to focus attention on areas in which cybersecurity events are likely to occur. Knowing where to focus is derived by answering the following questions:
• What risks invite attackers into the network?
• What attack vectors are likely to be used?
Two important tools designed to answer these questions are the cyber risk assessment and the Cyber Attack Life Cycle developed by Mandiant. The risk assessment lays out the risks present in the environment in which cyber events are likely to occur. The Cyber Attack Life Cycle outlines the process attackers follow when seeking to breach entities and steal, modify or destroy assets.
The cyber risk assessment and analysis entails several key items. Properly analyzing risks to the entity’s digital assets requires assessing threats and the vulnerabilities these threats are likely to exploit, and analyzing each in terms of the likelihood of a successful attack and the impact to the entity. Viewing these risks in terms of the Attack Life Cycle, formerly known as the Kill Chain, places each attack vector’s threats in context. Think of it as laying the Attack Life Cycle on top of the risk assessment: a threat actor exploits a vulnerability to gain an initial foothold inside the entity, then searches for ways to exploit other systems, increasing its privileges, until the target is reached. Prioritizing the incident response plan and associated playbooks around these scenarios enhances planning and preparation for potential incidents.
© Eric C. Thompson 2018 E. C. Thompson, Cybersecurity Incident Response, https://doi.org/10.1007/978-1-4842-3870-7_6
Documenting Cyber Risks
Assessing cybersecurity risks requires six key activities. The first four are identifying assets, identifying threats, identifying vulnerabilities, and assessing the initial risk to digital assets in the entity. The fifth step is identifying security controls, sometimes referred to as measures, meant to reduce cyber risks. The sixth step measures residual risk: the risk remaining once a cybersecurity control is identified and its effectiveness in reducing risk is measured. This is visualized in Figure 6-1.
[Figure 6-1 content, in order: Identify Data Assets (What type(s) are at risk? Where is it located? Who owns it?); Threat Identification (Nation-states? Cybercriminals? Insiders?); Vulnerabilities (Weak passwords? Unpatched systems? Missing access controls?); Measure Level of Initial Risk (Likelihood? Impact?); Implement Cybersecurity Controls (Technical? Administrative?); Measure Residual Risk (Likelihood? Impact?)]
Figure 6-1. The six activities necessary to measure cybersecurity risk
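
The six activities and the Attack Life Cycle overlay described above can be kept together in one risk register, sketched here as an added example that is not code from the book. The 1-5 scales, the likelihood x impact score, the point-based control reductions and the sample register are assumptions; the stage names come from Mandiant's published model, which the page names without listing.

```python
from dataclasses import dataclass, field

# Stage names from Mandiant's published Attack Life Cycle; the page names the model only.
STAGES = ["Initial Recon", "Initial Compromise", "Establish Foothold", "Escalate Privileges",
          "Internal Recon", "Move Laterally", "Maintain Presence", "Complete Mission"]

@dataclass
class Control:
    name: str
    kind: str                # "technical" or "administrative", as in Figure 6-1
    likelihood_cut: int = 0  # assumed: points this control removes from likelihood
    impact_cut: int = 0      # assumed: points this control removes from impact

@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    stage: str               # life-cycle stage at which the vulnerability is exploited
    likelihood: int          # assumed 1-5 ordinal scale
    impact: int              # assumed 1-5 ordinal scale
    controls: list = field(default_factory=list)

    def __post_init__(self):
        if self.stage not in STAGES or not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("stage must be in STAGES; likelihood and impact must be 1-5")

    def initial(self):       # activity 4: risk before controls (assumed likelihood x impact)
        return self.likelihood * self.impact

    def residual(self):      # activity 6: risk remaining after controls, each factor floored at 1
        lk = max(1, self.likelihood - sum(c.likelihood_cut for c in self.controls))
        im = max(1, self.impact - sum(c.impact_cut for c in self.controls))
        return lk * im

def playbook_priority(register):  # rank by residual risk; ties go to the earlier stage
    return sorted(register, key=lambda r: (-r.residual(), STAGES.index(r.stage)))

# Constructed sample register using the threat and vulnerability types from Figure 6-1.
REGISTER = [
    Risk("Customer database", "Cybercriminals", "Weak passwords", "Initial Compromise", 4, 5,
         [Control("MFA on remote access", "technical", likelihood_cut=2)]),
    Risk("File server", "Nation-states", "Unpatched systems", "Escalate Privileges", 3, 4),
    Risk("HR file share", "Insiders", "Missing access controls", "Complete Mission", 3, 4,
         [Control("Quarterly access review", "administrative", likelihood_cut=1)]),
]

if __name__ == "__main__":
    for r in playbook_priority(REGISTER):
        print(f"{r.residual():>2} (was {r.initial():>2})  {r.stage:<20} {r.vulnerability}")
```

Ranking by residual rather than initial risk moves the unpatched file server ahead of the weak-password scenario, which scored highest before controls were counted.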
Threat Analysis
Threats, both threat actors and threat scenarios, are people, group