株式会社グローバルインフォメーション
TEL: 044-952-0102
表紙
市場調査レポート

セキュリティオペレーションをサポートする机上訓練 (テーブルトップエクササイズ) の設計

Design a Tabletop Exercise to Support Your Security Operation

発行 Info-Tech Research Group 商品コード 603335
出版日 ページ情報 英文 59 Pages
納期: 即日から翌営業日
価格
本日の銀行送金レート: 1USD=109.67円で換算しております。
Back to Top
セキュリティオペレーションをサポートする机上訓練 (テーブルトップエクササイズ) の設計 Design a Tabletop Exercise to Support Your Security Operation
出版日: 2018年01月25日 ページ情報: 英文 59 Pages
概要

セキュリティ確保に向けた人材、プロセス、技術への投資は、今後のサイバー脅威から確かに組織を守るものとなるでしょう。企業の総合的なセキュリティ戦略の一部として、机上訓練 (テーブルトップエクササイズ) を構築し、その確実性を検証しましょう。

当レポートは以下の担当者に向けて構成されています。

  • CIO (最高情報責任者)
  • CISO (最高情報セキュリティ責任者)
  • セキュリティ・ITマネジメント
  • 脅威情報
  • セキュリティオペレーション
  • セキュリティインシデント対応
  • 脆弱性評価・侵入テスト
  • パッチマネジメント

当レポートは以下のサポートを行います。

  • 包括的な模擬攻撃を通じて、組織的な準備体制を確立することで実戦前に備えます。
  • コアセキュリティチームの運用準備テストを通じて、脅威に対する計画を検証します。
  • サイバー脅威が高度化に対応できるチーム間の協力の有効性を検証します。
  • コアセキュリティチーム間のオペレーショナルワークフローを合理化・最適化します。

机上訓練 (テーブルトップエクササイズ) は、フェーズごとに以下の取り組みで構成されています。

  • フェーズ1:計画 - 机上訓練 (テーブルトップエクササイズ) の必要性を評価します。
  • フェーズ2: 設計 - トピック・範囲・目標・関係者の役割および責務を決定します。
  • フェーズ3:構築 - ブリーフィング・ガイド・レポートなどを作成します。
  • フェーズ4:実践 -カンファレンスまたはクラスルーム環境での訓練を主催します。
  • フェーズ5:評価 -訓練からの得た結果、教訓、次回のステップなどを文書化します。
目次
Product Code: 84611

Trust that your security investment in people, process, and technology will protect your organization from the next cyberthreat, but verify through the establishment of a tabletop exercise capability as part of your overall security strategy.

This research is designed for:

  • Chief Information Officer (CIO)
  • Chief Information Security Officer (CISO)
  • Security/IT Management
  • Threat Intelligence
  • Security Operations
  • Security Incident Response
  • Vulnerability Assessment/Penetration Testing
  • Patch Management

This research will help you:

  • Prepare before the battle by ensuring organizational preparedness through a comprehensive simulated attack.
  • Validate threat plans through the operational readiness testing of core security teams.
  • Evaluate collaboration effectiveness between teams addressing the increasing sophistication of cyberthreats.
  • Streamline and optimize operational workflow between core security teams.

A tabletop exercise consists of various activities related to the following phases:

  • Phase 1: Plan - Evaluate the need for a tabletop exercise
  • Phase 2: Design - Determine the topics, scope, objectives, and participant roles and responsibilities.
  • Phase 3: Develop - Create briefings, guides, reports, and exercise injects
  • Phase 4: Conduct - Host the exercise in a conference or classroom setting.
  • Phase 5: Evaluate - Document exercise findings, lessons learned, and next steps.

An effective tabletop exercise can be used to evaluate the following:

  • Organizational Preparedness - Expose operational weak points and transition teams from a reactive approach towards a more proactive security program.
  • Enhanced threat detection, prevention, analysis, and response - Enhance the collaboration and use of your security investment through the simulated evaluation of your threat collaboration environment.
  • Improve threat visibility and information sharing - Promote both internal and external information sharing to enable good decision making.
  • Reinforce accountability and responsibility - Establish a clear level of accountability throughout the security program incident response program, and ensure role responsibility for all tasks and processes involved in service delivery.
  • Ensure return on security investment - Evaluate core staff on their use of process and technology to defend the organization.
  • Identify opportunities for continuous improvement - Provide increased visibility into current performance levels, and accurately identify opportunities for continuous improvement with a holistic measurement program.

Executive Summary

Info-Tech Insight:

  • 1. Establish communication processes and channels well in advance of a crisis. Don't wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.
  • 2. Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
  • 3. You might experience a negative return on security control investment. As technology in the industry evolves, threat actors will adopt new tools, tactics, and procedures. A tabletop exercise will help ensure teams are leveraging your security investment properly by measuring relevant situational awareness provided during the exercise, ensuring teams are staying on top of the rapidly evolving threat landscape.

Situation:

  • Threat management has become resource intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data.
  • Security incidents are inevitable, but how they are handled is critical.
  • The increasing use of sophisticated malware is making it difficult for organizations to identify the true intent behind the attack campaign.
  • The incident response is often handled in an ad hoc or ineffective manner.

Complication:

  • Many organizations are developing ad hoc intelligence capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of security technology investments.
  • Tracked incidents are often classified into "out-of-the-box" responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
  • It is difficult to communicate the value of a threat intelligence program when trying to secure organizational buy-in to gain the appropriate resourcing.

Resolution:

Establish and design a tabletop exercise capability to support and test the efficiency of the core prevention, detection, analysis, and response functions that consist of an organization's threat intelligence, security operations, vulnerability management, and incident response functions. This blueprint will walk through the steps of developing a scalable and systematic tabletop exercise relevant to your organization.

Back to Top