Ransomware TTX
Seven scenarios to include in your next Tabletop Exercise

Agenda
Tabletop Exercises (TTX) in focus
Seven scenarios
Identifying gaps
Gap roadmap
Get a copy of these slides

whoami
Gerry Johansen
Principal Security Solutions Specialist
RED CANARY
irproactive
20+ Years of Incident Response, Digital Forensics and Threat Intelligence
Detective/Task Force Agent (FBI), Consultant
BS Justice and Law Admin
MA Information Assurance
CERT-GCFR, GNFA, GRID, GCTI, GCFA, CISSP
Digital Forensics and Incident Response, 3rd Edition
Rapid City, South Dakota

Tabletop Exercises in focus
Tabletop Exercises (TTX) are a critical part of the overall security program
Moving away from a perfunctory exercise to a concerted, ongoing effort to improve
Multiple times per year with a variety of scenarios and exercises
Focus on specific aspects of incident response via scenarios

Tabletop Exercise objectives
Technical plans and playbooks
Intra-team coordination
Inter-team coordination
Identify gaps in decisions and planning
Process familiarization and improvement

Seven scenarios

Ransomware tabletop scenarios
Scenarios seen during live response and exercises
Matched to current situations responders might face
Can be included as part of the overall exercise
Not all-inclusive; there are a variety of scenario injects
Provide a good foundation for critical components of response

WHAT OTHERS ARE SAYING
“Red Canary has improved our security program and we've seen benefits in terms of incidents identified.”
Ryan, Chief Technology Officer

SETTING THE SCENARIO
“The security operations center has detected several systems communicating with a suspected C2 server and has created a Priority-1 ticket.”

1. Is this an incident?
Key Performance Indicators
Your organization has a clearly defined escalation path
Incident declaration does not need to wait
D