Sep 12, 2017
Everyone should be doing incident response tabletops, even if it's not a dedicated task in your organization. It allows you to find out what you might be lacking in terms of processes, manpower, requirements, etc.
This week, we discuss what you need to do to get ready for one, and how those should go in terms of helping your organization understand how to handle the aftermath.
And in case you've been under a rock, #equifax was breached. 143 million credit records are in the ether. We discuss the facts as of 9 September 2017, and what this means to the average user.
Must go beyond ‘threats’.
What is in your environment
Struts aren’t a threat, or are they?
Equifax didn’t think so at the time…
Plugins/themes used (WordPress)
What makes a good incident response exercise (
Following the creation and implementation of security controls around use cases, the next step can be testing them with tabletop exercises and drills as a proof of concept. A tabletop exercise is a meeting of key stakeholders and staff who walk step by step through the mitigation of some type of disaster, malfunction, attack, or other emergency in a low-stress situation. A drill is when staff carry out as many as possible of the processes, procedures, and mitigations that would be performed during one of those emergencies.
While drills are limited in scope, they can be very useful to test specific controls for gaps and possible improvements. A disaster recovery plan can be carried out to some length, backups can be tested with the restoration of files, and services can be failed over to secondary cluster members.
Tabletop exercises are composed of several key groups or members.
What to include in the tabletop:
• A handout to participants with the scenario and room for notes.
• Current runbook of how security situations are handled.
• Any policy and procedure manuals.
• List of tools and external services.
Post-exercise actions and questions:
• What went well?
• What could have gone better?
• Are any services or processes missing that would have improved resolution time or accuracy?
• Are any steps unneeded or irrelevant?
• Identify and document issues for corrective action.
• Change the plan appropriately for next time.
The Federal Emergency Management Agency (FEMA) has a collection of different scenarios, presentations, and tabletops that can be used as templates.
Derbycon channel on Slack
Intro to RE class