Take the BAIT?

I’m starting something new on my frivolous blog!

I had the fortunate opportunity to create ‘breach impact assessment reports’ in one of my past roles. I really enjoyed creating these! Ultimately, I would gather as much information about publicly disclosed breaches that happened at organizations similar to ours (or close enough) and build out a single page debrief on what happened. The ultimate goal was to learn from these unfortunate events and map our own security posture against this breach in order to better understand our strengths, weaknesses, opportunities, and threats. Yup, essentially a SWOT analysis. Lastly, there would be recommendations of what we need to do to fill gaps, provide a narrative to how we would reposed to similar incidents, and package any threat intelligence to help create preventive controls.

As breaches at organizations around the world continue to happen (what seems like daily), I find myself going through all of the known details and I think about what could have been done to prevent the breach altogether and/or what detective controls could have stopped the incident in it’s track- as early in the killchain as possible. Essentially I’m doing a breach impact assessment for my own education and the simple fact I geek out for things like this.

Image 1: Killchain graphic | source: lockheedmartin.com

So, what am I starting? I’m calling it BAIT- Breach Analysis & Intelligence Transcript.

I’ll select breaches and incidents that have significant impacts and collect various resources around the web and combine them to essentially put together my own BAIT report.

Since this new, I’ll start start with the below structure for these types of posts.

I. Executive Summary
II. Who/What/When/Where/Why
III. Flow of Attack
IV. Red/Blue Team Perspective
V. Call to Action

Stay tuned! First BAIT entry is in the works!