
Ransomware TTX - Seven scenarios to include in your next TTX.pdf

Uploader: 可*** ID: 991774 2025-12-07 31 pages 776.78KB

Ransomware TTX
Seven scenarios to include in your next Tabletop Exercise

Agenda
- Tabletop Exercises (TTX) in focus
- Seven scenarios
- Identifying gaps
- Gap roadmap
- Get a copy of these slides

whoami
Gerry Johansen
Principal Security Solutions Specialist, RED CANARY
irproactive
- 20+ years of Incident Response, Digital Forensics and Threat Intelligence
- Detective/Task Force Agent (FBI), Consultant
- BS Justice and Law Admin; MA Information Assurance
- CERT-GCFR, GNFA, GRID, GCTI, GCFA, CISSP
- Digital Forensics and Incident Response, 3rd Edition
- Rapid City, South Dakota

Tabletop Exercises in focus
- Tabletop Exercises (TTX) are a critical part of the overall security program
- Moving away from a perfunctory exercise to a concerted, ongoing effort to improve
- Multiple times per year with a variety of scenarios and exercises
- Focus on specific aspects of incident response via scenarios

Tabletop Exercise objectives
- Technical plans and playbooks
- Intra-team coordination
- Inter-team coordination
- Identify gaps in decisions and planning
- Process familiarization and improvement

Seven scenarios
Ransomware tabletop scenarios
- Scenarios seen during live response and exercises
- Matched to current situations responders might face
- Can be included as part of the overall exercise
- Not all-inclusive; there are a variety of scenarios/injects
- Provide a good foundation for critical components of response

WHAT OTHERS ARE SAYING
"Red Canary has improved our security program and we've seen benefits in terms of incidents identified."
Ryan, Chief Technology Officer

SETTING THE SCENARIO
"The security operations center has detected several systems communicating with a suspected C2 server and has created a Priority-1 ticket."

1. Is this an incident?
Key Performance Indicators
- Your organization has a clearly defined escalation path
- Incident declaration does not need to wait

Based on the report's content, the main points are summarised as follows:
- Importance of Tabletop Exercises (TTX): TTX are a key part of the overall security program and should move from a perfunctory exercise to an ongoing effort to improve, run multiple times per year and covering a variety of scenarios and exercises.
- TTX objectives: technical plans, team coordination, identifying gaps in decisions and planning, and process familiarization and improvement.
- Seven ransomware scenarios: including detection of a suspected C2 server, waiting on a response, an incident in a cloud environment, network isolation, credential compromise, and health and welfare.
- Key performance indicators: such as a clearly defined incident escalation path, service level objectives, evidence collection, isolation strategy, and credential reset procedures.
- Identifying and filling gaps: gaps are identified through issues such as the 3-5 minute rule, guessing, lack of contingency measures, and unclear roles, and are filled through working groups and plans.
Key data:
- TTX are run multiple times per year.
- Seven ransomware scenarios are identified.
- The importance of key performance indicators is emphasised.