Sand table deduction builds on the actual attack and defense drill. Once the attack routes and the effectiveness of the attack means have been proven, it evaluates the possible impact of a real cyber attack on government and enterprise institutions and on public security, including economic loss, reputation loss and social impact. At the same time, it evaluates the effectiveness of emergency response during the attack and defense process.
The traditional actual attack and defense drill pays more attention to security risks and attack effectiveness at the technical and management levels, so sand table deduction is not a mandatory stage. However, as an important process of security loss assessment, sand table deduction gives the organization running the drill a key reference for scientific and reasonable security planning, security construction and security investment. As a result, the concept and method of sand table deduction attracted much attention as soon as they were put forward, and they have been adopted in more and more actual attack and defense exercises.
The overall planning and organization of sand table deduction is divided into several stages, mainly the following four.
1. Organization planning stage
The main purpose of the organization planning stage is to establish the deduction organization, clarify the deduction goal, build the deduction platform, determine the deduction process, formulate the deduction rules, and form a planning scheme, laying the foundation for sand table deduction.
To ensure the smooth completion of sand table deduction, a sand table deduction working group needs to be set up, including the command group, attack group, defense group and expert group.
Select the target system to be attacked according to the goal and scope of impact that the sand table deduction is meant to achieve. Generally, priority should be given to key business systems and business private networks covering multiple regions as the simulated attack targets.
A sand table deduction platform needs to be built so that the results of both sides are visible during the deduction and the expert group can comment according to the scoring rules. The deduction platform shows the offensive and defensive means of both sides during the deduction and helps the expert group score according to the scoring rules.
The deduction stage is the most important stage in the sand table deduction process. The deduction process is divided into multiple deductions according to different business scenarios, and each deduction is set to one or more rounds according to the different attack schemes.
The first element of sand table deduction is the rules, such as how the attacker proves the feasibility of the attack route and means, and how the defender proves the feasibility of its countermeasures and the likely response cycle. Both the offensive and defensive sides need to jointly guarantee the scientific soundness of the evaluation results. The goal of formulating rules is likewise to guarantee the soundness of this result, and the command group shall formulate the corresponding scoring rules according to the actual environment.
The deduction cycle is generally recommended to be 1~2 days, no more than 3 hours. It is suggested that the attack group announce the attack plan to the defense group within 1 hour, because keeping the attack plan confidential is an effective way to simulate the actual attack process to the greatest extent and to test the reaction capability of the defense group. The deduction time of both the offensive and defensive sides should be kept within the specified range.
2. Rehearsal preparation stage
In the rehearsal preparation stage, the attack group needs to submit its attack schemes in advance. The expert group reviews them, guides the attack group in adjusting and optimizing them, and selects the best schemes to be included in the deduction.
Build the deduction platform based on the actual scenario, import the attack group's scheme to form an attack roadmap, and import the defense group's scheme before the deduction, which is mainly used to show the defense plan during the defense group's cross-examination. Open the corresponding expert group accounts.
According to the deduction mode, prepare a site that can accommodate the attack group, defense group, expert group, command group and other personnel, and set up a large display screen, attack and defense booths, lighting and so on according to the actual conditions of the on-site environment.
This includes having the attack group, the defense group, on-site support personnel, on-site camera operators and the host in place.
3. Sand table deduction stage
Sand table deduction is run by the command group according to the deduction plan, coordinating the attack group and the defense group in carrying it out. The sand table deduction stage mainly involves the deduction process, impact assessment, expert scoring and other work.
In sand table deduction, the offensive and defensive sides mainly present and contest their positions according to their respective schemes. During the deduction, the command group should ensure that both parties follow the rules during cross-examination and that the focus of neither side drifts.
After the cross-examination between the offensive and defensive sides, the assessors, that is, the defender's finance, conference and public relations personnel, evaluate the impact of the deduction and output the feasibility evaluation of the schemes of both sides and the loss assessment document for this deduction.
After the confrontation between the offensive and defensive sides, the expert group comments on and scores the feasibility of the schemes of both sides according to the scoring rules. The scoring rules for the attack group mainly consider technical level, attack harmfulness, feasibility and so on. The scoring rules for the defense group mainly consider monitoring, detection, emergency response, and coordination and cooperation.
Routinely inspect the on-site platform, booths and network links to ensure resources are available, and establish an emergency contact list. The emergency contact is mainly responsible for handling sudden failures of the on-site platform or booths, carrying out the contingency plan, and reporting to the command group in case of emergencies.
4. Summary and evaluation stage
The purpose of the summary and evaluation stage is to review, summarize and report on the overall process of sand table deduction. After the deduction, the attack group and the defense group need to provide the command group with the relevant materials from this deduction. The command group reviews these materials and determines how to carry out the follow-up work.
Original site copyright notice
This article was created by [InfoQ]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/189/202207072238039510.html