
Purple Team Exercise 20-01 Execution Matrix: Centralian Infrastructure Services


Centralian Infrastructure Services
Purple Team Exercise 20-01 Execution Matrix
Sponsor: I.M. Portant
CISO/800-867-5309
Exercise Control: I.B. Incharge
DTID/800-867-5309

ATT&CK Tactic Technique Effect Source Planned Detection

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Discovery

Lateral Movement

Command & Control

Collection

Exfiltration

Impact
Threat Lead: U.G. Onnagethacked
Red Team Director/800-867-5309
Defense Lead: I.C. Everything
SOC Director/800-867-5309

Expected Result Actual Result


Deconfliction and Cease-Fire POCs:
Director, IT Ops
Help Desk Senior Manager

Notes
Centralian Infrastructure Services
Purple Team Exercise 20-01 Task Tracker
Sponsor: I.M. Portant
CISO/800-867-5309
Exercise Control: I.B. Incharge
DTID/800-867-5309

| Phase | Task | Responsible Party | Deadline | Status | Notes |
|---|---|---|---|---|---|
| 1 | Orientation & Mission Analysis | | | Pending | |
| 1 | Environment Survey | | | Pending | |
| 1 | Terrain Analysis | | | Pending | |
| 1 | Threat Selection | | | Pending | |
| 1 | Pipeline Evaluation | | | Pending | |
| 2 | Exercise Goals Conference | | | Pending | |
| 2 | Emulation Control Measures | | | Pending | |
| 2 | Controls Under Evaluation | | | Pending | |
| 2 | Schedule and Timing | | | Pending | |
| 2 | Daily Battle Rhythm | | | Pending | |
| 2 | Trusted Agent Roster | | | Pending | |
| 2 | Deconfliction Procedures | | | Pending | |
| 2 | Threat-Control Alignment | | | Pending | |
| 2 | Hint Bank | | | Pending | |
| Phase III//Execution//Refer to Emulation Plan | | | | | |
| 4 | Initial Outbrief | | | Pending | |
| 4 | Risk Mitigation Plan | | | Pending | |
| 4 | EXSUM | | | Pending | |
| 4 | Final Outbrief | | | Pending | |
| 4 | Continuous Defense Plan | | | Pending | |

Threat Lead: U.G. Onnagethacked
Red Team Director/800-867-5309
Defense Lead: I.C. Everything
SOC Director/800-867-5309
Deconfliction and Cease-Fire POCs:
Director, IT Ops
Threat Intelligence Lead
CTI Cell Lead/800-867-5309

Notes
Threat Assessment Worksheet

Industry Vertical(s):

Which actors have targeted in the past?

Updated: 12-May-20

Threat 1-Advanced Threat: APT 41
Tactic ATT&CK Techniques
Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Discovery

Lateral Movement

Command & Control

Collection

Exfiltration

Impact
Threat Intelligence Lead
CTI Cell Lead/800-867-5309
DTID: I.B. Incharge
DTID/800-867-5309
Threat Lead: U.G. Onnagethacked
Red Team Director/800-867-5309
Defense Lead: I.C. Everything
SOC Director/800-867-5309
Key Competitors, Peers, and Partners:

Which have been breached and how?

Threat 2-General Threats

ATT&CK Techniques
Detected
Not Detected

On-Schedule
Pending
Complete
Late
Blocked
