Scenario based exercises

To recognise and successfully defend an attack, there is reliance on multiple systems, personnel, procedure, policy and more.

However, all too frequently the first time these systems, both individually and as a cohesive unit, are put to the test is when an attack occurs. This is the worst set of circumstances under which to test the effectiveness of a system, however very few firms take the time in advance to demonstrate the effectiveness of these systems and human controls around them. We are champion of scenario based exercises designed to evaluate the effectiveness of security devices, controls and solutions.

This is a consultative engagement designed around a client’s network, risk profile, operational circumstances and current concerns. The scope could be very tight, encompassing just one or a few systems (such as smuggling Portcullis designed malware through the corporate gateway to a predetermined user / system) or much broader and dynamic (such as replicating a malicious internal user, with free reign until such time as they are captured).

This isn’t the sort of exercise that is passed or failed. Instead it brings new understanding to the table; a better understanding of what the security function is and isn’t capable of. The findings can be taken into product selection, reconfiguration or redesign, training, policy review and similar.

Why scenario based exercises?

• A better understanding of what the security function can and cannot do.