I. Arrested for Red Team exercises
A red team from Coalfire Systems presented their ordeal at Black Hat 2020. They were arrested despite having legal authorisation to conduct a penetration test.
Know your risks during red team exercises - from attacking out-of-scope systems, to unclear lines of communication, to unnecessary panic in the organisation.
CISO Check:
Do you have a process to inform key stakeholders before the red team exercise?
What is your communication protocol during red team exercises between the sponsors and the red team?
II. Vulnerability Management Maturity Model
SANS has published a Vulnerability Management Maturity Model.
A step in the right direction!
Vulnerability Management is not just running tools and patching systems. It is a holistic process that should improve over time.
CISO Check:
How does your vulnerability management program stack up against this model?
III. Quote of the week
Any sufficiently advanced bug is indistinguishable from a feature. — Rich Kulawiec, with apologies to Arthur C. Clarke.
Have an original interesting cybersecurity quote? Let us know in the comments and we will publish it along with your name in our quotes section.