Description
One of the most effective ways to test a company’s security posture is through red team assessments and targeted penetration testing. This article defines one of the most effective approaches for determining the scope of the tests and the stages they go through.
The stages include understanding the potential attackers: their tactics, techniques and procedures, their modus operandi and the objective with which they operate. The paper also discusses the importance of people, business processes and technology, and of distinguishing between important and critical assets, as part of effective testing.
It discusses how the best tool for proper scoping is contextualized, threat-intelligence-based analysis and red team assessment frameworks such as TIBER-EU, CBEST and iCAST. This paper describes an approach that can be used to improve the scoping of these tests and hence increase their value.