DFIR News

December 2020
This month we will discuss…


Effective steps to cyber exercises creation
This publication covers the points to consider when conducting a cyber exercise, starting with the objectives and benefits of this type of training and going through all the steps to take into account during the design, creation and execution of the activity. Following all the guidelines will ensure that the activity provides the desired knowledge to all participants and uncovers areas for improvement throughout the Cybersecurity Department.

What can you get?

The most interesting thing about the article is that it presents the process of developing a Cybex in a simple and organized way. Among all the steps provided by the document, two are sometimes ignored even though both can be critical. The first is “Secure Senior Level Endorsement”, which ensures that top management understands the importance of the Cybex. Without that endorsement the activity may never be approved and so may not take place at all, so an effort should be made to be clear about the benefits and needs of the exercise. The other step that should always be taken is “Capture evidence and feedback and identify lessons in a post-exercise report”. One of the main goals of a Cybex is to test response capabilities and discover areas for improvement. This “lessons learned” step, which should include a post-exercise report, gives the client a guide for beginning to make changes and improvements throughout the response department. In addition, this may lead to a new Cybex to test the changes made.

What do we recommend?

Specifically for One eSecurity, this article may serve as the cornerstone when developing a Cybex. Some of the steps it describes are already being followed when developing a Cybex, but others, such as those mentioned in the last paragraph, may improve the quality and the value of these activities.

By MSP. Forensic Analyst at ONE



Cyber exercise playbook
This article goes beyond the basic steps of preparing a cyber exercise and presents a comprehensive playbook that covers cyber exercises in detail. The playbook provides information about the different types of Cybex, gives recommendations for their design, development, and execution, and includes different samples that can be used for exercises.

What can you get?

There are several parts of this manual that deserve attention when designing a Cybex. First, you need to choose the type of exercise that best suits the target company; it would not make sense to carry out the more complex Full Live exercise in a company that is just starting to create a cybersecurity department. This playbook nicely simplifies the different types of cyber exercises and their target audiences in Table 5: Exercise structures. The “Exercise Planning Cycle” section includes helpful recommendations and even form templates that could be used to organize the Cybex creation process. Also, some of the sample scenarios presented in the work could be used as starting points for new exercises, always adapting the content to the characteristics of the target company.

What do we recommend?

Currently, the type of Cybex developed by One eSecurity is somewhere between the Tabletop and the Hybrid (as defined in this playbook). However, companies sometimes request more realistic activities. From this article, ONE's Cybex Technical Unit can gain knowledge and ideas about how to implement “Full Live” exercises (as defined in the playbook), which may bring what the unit is doing to the next level. Combining the ideas presented in this article with the real-life incident experience provided by ONE's Cybex Technical Unit may result in highly realistic exercises with great benefits for the target company.

By MSP. Forensic Analyst at ONE

