Red Teaming : Regulatory and non-regulatory frameworks used in adversarial simulations
Saarainen, Ville (2021)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-2021053112749
Abstract
As cyber attacks have become more common, organizations have begun to realize that resilient cyber defense is a mandatory requirement. This has led multiple institutions to come together and create various frameworks that can be used to evaluate an organization's capability to detect and mitigate these attacks. Some institutions have chosen to create more regulated frameworks than others.
The frameworks used in adversarial simulations can vary substantially. The focus of this thesis is on defining the main differences between regulatory and non-regulatory frameworks and red teaming practices. Red teaming is examined from the implementation point of view rather than the technical one, as the objective is to understand what red teaming is and how it is used, in order to better recognize the usefulness of these frameworks.
Six different frameworks were chosen for this thesis based on their importance, popularity, and diversity: TIBER-EU, ATT&CK, Cyber Kill Chain, CBEST, AASE and GFMA's A framework for the regulatory use of penetration testing in the financial services industry. While most of the chosen frameworks are regarded as high-level frameworks, the mid-level framework ATT&CK was chosen to bring diversity and to widen the range of frameworks considered. Each framework was examined in the same way, the aim being to identify its core objectives, requirements, and processes.
Based on the findings, these frameworks were categorized with regard to their level of overall implementation regulation, service provider regulation and regulation of result sharing. These findings can be used to determine where and how each of these frameworks could be utilized.