Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1533864
MARK BROPHY, MS, CISM, CISSP, is the Chairperson of the FBI InfraGard for the Legal Cross-Sector Council, twice nominated ILTA Peer of the Year and one of the original member co-founders of ILTA LegalSEC. He has worked part-time as an adjunct professor of cybersecurity at several colleges and universities. With a master's degree, over a dozen information security certifications, and 20-plus years of experience working for AMLaw 100 and AMLaw 200 law firms, Mark now solely focuses on the prevention and investigation of cyber incidents as an Incident Responder and DFIR Team Lead for SecurIT360. You can reach Mark at mbrophy@securit360.com.

NEXT LEVEL

You can explore various scenarios once you have mapped out a few processes using the Cyber Kill Chain framework. Incident Response Tabletop exercises with a qualified security team are a great way to face the "what if" possibilities in a controlled environment.

As time allows, test each control to ensure it works as intended. This can be done individually or with a Purple Team Engagement with a security team, where they impersonate a TA for the controlled test.

You can also work with a security team in an "Assumed Breach" exercise. In this model, you engage with a TA at the Command and Control stage. Since the TA is closer to their objective at the beginning, the test is to see if you can detect and stop them before it is too late.

External security assessments are often the best starting point if your organization needs assistance with security policy and procedures.

The Cyber Kill Chain helps identify and prevent cyber intrusions by breaking the attack lifecycle into distinct steps. By matching attack stages to your detective, preventive, and reactionary controls, you can quickly determine if gaps exist for each network architecture. The Cyber Kill Chain also shows how important it is to have multiple controls and layers at each stage to prevent a single point of failure.
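
The stage-to-control matching described above can be kept as a small script. This is an added example, not part of the original article: the stage names follow the Lockheed Martin Cyber Kill Chain, while the control inventory, its "tested" flags, and the gap_report function are constructed for illustration. Passing "Command and Control" as the start stage limits the report to the scope of an Assumed Breach exercise.

```python
from collections import defaultdict

# The seven stages of the Lockheed Martin Cyber Kill Chain, in order.
STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objectives"]
# Control categories as the article names them.
TYPES = ("detective", "preventive", "reactionary")

# Constructed sample inventory: (control, stage, type, tested?)
INVENTORY = [
    ("External attack-surface scan", "Reconnaissance", "detective", True),
    ("Email gateway filtering", "Delivery", "preventive", True),
    ("Phishing report button", "Delivery", "detective", True),
    ("Mailbox purge playbook", "Delivery", "reactionary", False),
    ("Patch management", "Exploitation", "preventive", True),
    ("EDR behavioral alerts", "Exploitation", "detective", True),
    ("Application allowlisting", "Installation", "preventive", False),
    ("Egress DNS filtering", "Command and Control", "preventive", True),
    ("Host isolation playbook", "Command and Control", "reactionary", True),
    ("File-access auditing", "Actions on Objectives", "detective", True),
]

def gap_report(inventory, start_stage=STAGES[0]):
    """Return {stage: [findings]} for stages from start_stage onward."""
    by_stage = defaultdict(list)
    for name, stage, ctype, tested in inventory:
        if stage not in STAGES or ctype not in TYPES:
            raise ValueError(f"unknown stage or type for {name!r}")
        by_stage[stage].append((name, ctype, tested))
    report = {}
    for stage in STAGES[STAGES.index(start_stage):]:
        controls = by_stage[stage]
        # A stage should have each control type represented.
        findings = [f"no {t} control" for t in TYPES
                    if not any(c[1] == t for c in controls)]
        # One control at a stage is a single point of failure.
        if len(controls) == 1:
            findings.append(f"single point of failure: {controls[0][0]}")
        findings += [f"untested: {n}" for n, _, tested in controls if not tested]
        if findings:
            report[stage] = findings
    return report

if __name__ == "__main__":
    for stage, findings in gap_report(INVENTORY).items():
        print(f"{stage}: " + "; ".join(findings))
```
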

The key takeaway is that anyone can do this regardless of company size, technology, or budget. It allows you to cross-check to ensure your deployment can appropriately meet the challenges it will eventually face head-on.

MORE ONLINE

Learn about the Cyber Kill Chain in this episode of Quick-Hit Security with Mark Brophy from SecurIT360. Mark breaks down the phases of common cyber attacks and how any organization can use this model to improve security posture.