What is a War-game exercise and how does it differ from other security assessment models such as audits, vulnerability assessments, and risk assessments?
The key differentiators for a War-game exercise are as follows:
- It begins by envisaging various compromise scenarios
- It then gets into understanding the controls to prevent, detect, and respond in each of the above scenarios
- It is a joint brainstorming exercise with the consulting team, the IT team, and the security teams
- It is shorter than an audit engagement – typically lasting 3-4 days of onsite effort
- As it is a collaborative exercise, the teams cooperate more and better solutions are arrived at
The War-Game assessment by Network Intelligence has the following phases
Since the assessment is an aggressive evaluation of the state of the network and security controls, it is necessary that all data is available at hand. A walk-through of the existing controls is taken, after which interviews are conducted with the respective stakeholders to understand existing processes.
Data samples and configurations are evaluated at each step for different security controls, such as IPS, firewall, and DLP, to identify whether common misconfigurations have been avoided. Additionally, samples are gathered for standard processes such as log management, internet access, and DLP alerts.
A cross-reference of possible threat scenarios against the organization is built up, considering the vulnerabilities identified during the previous phases, as demonstrated below:
A war-game exercise carried out by an experienced team with a well-defined playbook and hundreds of case studies under its belt will benefit you in a number of ways:
Real security issues discovered quickly
Unlike an audit, which is carried out on the basis of a well-defined policy and procedure framework or an international standard such as ISO 27001, the war-game exercise gets the participants to brainstorm on actual hacking scenarios. As a result, issues can be discussed in exhaustive detail and controls evaluated on the fly.
Avoiding the usual audit barriers
Since this exercise is not a typical audit, the usual barriers from the IT and security teams are not there. There is a far higher level of cooperation amongst the participants and a shared intent to arrive at solutions rather than blame individuals or systems.
Arrive at effective solutions
A war-game exercise is able to identify real security issues and arrive at practical solutions far more quickly than a typical audit exercise. An audit might last for 4-6 weeks, whereas a war-game typically lasts for 3-4 days of onsite work and another 4-5 days for preparing the final report.
Aid in developing Information Security Strategy
This assessment will help develop an Information Security Strategy by identifying focus and growth areas, as well as best practices in the implementation of the strategy.