This was an event ran by Martin at our 8/31/2017 meeting. The topic was “CXO Table Top” - the event was a selection of scenarios where we were given roles of a C-Level Executive within a pre-determined scenario. Starting with the attacker, each person was given one move, or play. Valid moves are anything within reason that an organization could do.
Potential roles & order of play: Attacker → CEO → COO → CFO → CIO → CMO → Repeat till time.
Our time limits were unfortunately set to 15-20 minute constraints.
A scenario for example, would be:
You walk in at 8AM & nobody can work due to ransomware on all the PCs.
Attack Move 1: I'd do nothing this first round, as they are already disabled
CEO Move 1: .
COO Move 1: .
CFO Move 1: .
CIO Move 1: .
CMO Move 1: .
Attack Move 2: I would post news of the attack to social media as they have not done that yet.
CEO Move 2: .
COO Move 2: .
CFO Move 2: .
CIO Move 2: .
CMO Move 2: .
Attack Move 3: I would see about social engineering the site so I can maintain persistent access. I would see if I can implement attacks on the wire & compromise their updates.
CEO Move 3: .
COO Move 3: .
CFO Move 3: .
CIO Move 3: .
CMO Move 3: .
By this time, the time had been called, but you can see how this can go on for a long time if you are up for it & have dedicated players. After one scenario has played out, new individuals are selected for the next scenario.
Any feedback for additional advice or resources should be directed messaged to @mgep104 on Twitter.
Here are some additional resources if you want to learn more.
|Defensive Security Handbook||An awesome book that discusses scenarios like these in the very first chapter|