An application of tactical level Active Defense

Let's try to apply what we've just learned.

The Dadi Inc. CEO just learned from a news source about threat actor A and how they have been causing other organizations' websites to go offline. Much to the CEO's surprise, Dadi Inc.'s CIO has already established that threat actor A is a credible threat to the organization with a high impact on Dadi Inc.'s operations:

The CIO explains that the communications infrastructure is in place and that he is getting reports from his regional teams. Operations are ready to take action if the threat materializes. The CEO nods his head and the CIO resumes his plan for the day:

Meanwhile, at the regional office, the IT regional officer is getting reports from the corporate cyber intel program officer that threat actor A is on the move again. The IT regional officer ensures that the IT security managers and IT operations managers are also kept in the loop by providing them with the information they need to take action:

Threat Actor A TTPs

Country of Origin: X Country
Type of Attack: Distributed Denial of Service
Method: Botnet, Ping of Death
Target Organizations: Dadi Inc
Risk and Impact: High/High

Although there are many things to monitor, after a call with the CIO, the IT regional officer begins issuing requests to shift monitoring away from other priorities and toward gathering more information on threat actor A. These changes are passed down through the channels to the IT security and IT operations managers, and from them to their teams for action at the tactical level.

With threat actor A in mind, the managers begin to reassess their priorities and task out their teams accordingly. With the help of the IT risk department, each team has been assigned Key Risk Indicators to monitor with regard to a DDoS attack, and will make any further calibrations to their tools so that they can provide the most accurate reports to their supervisors. Until threat actor A starts an attack, the day grinds on for the team.

Will Dadi Inc. be safe from a DDoS attack from threat actor A? How will the teams use cyber intelligence to enable Active Defense?

To be continued...
