Lesson 7: Invest in good technological defenses, but do not under invest in people who will be operating this equipment.
Another, related lesson learned here is the need to strive to be excellent, rather than average. This stems from the view that we had taken during many simulation results that we were still doing "pretty good" when looked at in the context of all sectors taken together. We took solace in our being above average in many areas, while our bias cause us to discount the areas we did notn't excel at as possibly being less important. In truth, it is critical to a company that wants to stay …show more content…
Hacker access, activist access, an insider attack. Hacker access involves an outside entity gaining access to the network via unpatched systems, vulnerability, or by any other technical means. Activist access consists of a hacker affecting the network maliciously with a political or moral agenda in mind. Insider attack can be the most dangerous of the three. This involves someone within the organization do harm to the network using the credential or access they were granted to perform their regular duties. To combat these concerns, the team focused on four different controls.
Insider Attack: The setting on the firewalls was set to maximum. The setting allowed the network reject, block, or deny potentially malicious payloads that would allow access. Authentication, RBAC, IDPS, and firewalls were used in conjunction to reduce insider threat opportunities. Additionally, these systems notified network administrators of any foreign presence within the boundary.
Hacker Access: The team focused on patch management, firewall strictness, DNS redundancy, IDPS, authentication, and role-based access control to reduce network access