SecureByDesign-Playbook
Quick Start: Security Picture
You have listed your assets, got some idea of where they are and how they move and how you access them, and listed the main threats.
Now put them together:
How might these adversaries navigate this network to affect these assets.
These are the courses of action that an adversary might take.
Along those courses of action, they are likely to come across your existing defences so note these against these courses of action, and how likely these are to prevent or reduce the threat.
Pick out:
- Which parts of the network have the most valuable assets; the ones where the impact of nicking, bricking or tricking the assets in those places are highest.
- These are your vital spaces
- Routes between these vital spaces and our adversaries. These are the attack vectors.
This will give you your vulnerabilities: the courses of action that the adversaries may take to use the attack vectors to reach your vital spaces, and you do not have good enough defences to stop them.
You may find that you are starting to generate lots of possibilities. Pick the important ones: the ones with the most valuable assets that can be reached by the most capable threats, and with the least defences.
Back to Playbook ● Home Example ● Next: Quick-Start Defences ● Smarter Security Pictures