From 15c59226f3d75283f007ce1d160714ace16246d1 Mon Sep 17 00:00:00 2001 From: Anton Nesterov Date: Sun, 25 Aug 2024 21:02:08 +0200 Subject: [PATCH] vault backup: 2024-08-25 21:02:08 --- .obsidian/workspace.json | 23 +++++----- 01 - Planning Considerations.md | 15 ++++++- templates/ASSET INVENTORY.md | 28 ++++++++++++ templates/INCIDENT REPORT TEMPLATE.md | 13 ++++++ ...TEMPLATE.md => PENTEST REPORT TEMPLATE.md} | 0 templates/RISK REGISTER.md | 44 +++++++++++++++++++ 6 files changed, 111 insertions(+), 12 deletions(-) create mode 100644 templates/ASSET INVENTORY.md create mode 100644 templates/INCIDENT REPORT TEMPLATE.md rename templates/{REPORT TEMPLATE.md => PENTEST REPORT TEMPLATE.md} (100%) create mode 100644 templates/RISK REGISTER.md diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index b212703..e1e633b 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -4,16 +4,16 @@ "type": "split", "children": [ { - "id": "f988ee96b5907f34", + "id": "b60c03005b6482a8", "type": "tabs", "children": [ { - "id": "44ccb9000ca67a7b", + "id": "21b5784e2023f491", "type": "leaf", "state": { "type": "markdown", "state": { - "file": "templates/legal/Non-Disclosure Agreement.md", + "file": "01 - Planning Considerations.md", "mode": "source", "source": false } @@ -86,7 +86,7 @@ "state": { "type": "backlink", "state": { - "file": "templates/legal/Non-Disclosure Agreement.md", + "file": "01 - Planning Considerations.md", "collapseAll": false, "extraContext": false, "sortOrder": "alphabetical", @@ -103,7 +103,7 @@ "state": { "type": "outgoing-link", "state": { - "file": "templates/legal/Non-Disclosure Agreement.md", + "file": "01 - Planning Considerations.md", "linksCollapsed": false, "unlinkedCollapsed": true } @@ -126,7 +126,7 @@ "state": { "type": "outline", "state": { - "file": "templates/legal/Non-Disclosure Agreement.md" + "file": "01 - Planning Considerations.md" } } } 
@@ -147,16 +147,19 @@ "command-palette:Open command palette": false } }, - "active": "44ccb9000ca67a7b", + "active": "21b5784e2023f491", "lastOpenFiles": [ - "templates/legal/Request for Information (RFI).md", + "templates/ASSET INVENTORY.md", + "templates/RISK REGISTER.md", + "01 - Planning Considerations.md", + "templates/PENTEST REPORT TEMPLATE.md", + "templates/INCIDENT REPORT TEMPLATE.md", "templates/legal/Non-Disclosure Agreement.md", + "templates/legal/Request for Information (RFI).md", "templates/legal/Statement of Work.md", - "templates/REPORT TEMPLATE.md", "templates/Untitled Diagram.svg", "templates/METHODOLOGY.svg", "Pasted image 20240824205517.png", - "01 - Planning Considerations.md", "2024-08-24.md", "Untitled.md", "templates/legal/DPA-en.odt", diff --git a/01 - Planning Considerations.md b/01 - Planning Considerations.md index 7075c16..a2759fe 100644 --- a/01 - Planning Considerations.md +++ b/01 - Planning Considerations.md @@ -3,17 +3,27 @@ - Identify targets of the engagement - Identify scope and size of the engagement - +- Surface area of engagement ## Objective Asses reasons for the assessment. Security, risk assessments, customer personal data protection, etc. +Identify Protected Assets + +[[ASSET INVENTORY]] +[[RISK REGISTER]] ## Compliance Establish guidelines (or necessity) for compliance with internal and external regulations. Example: PCI DSS +- Strictly defined surface area of engagement + +[[Statement of Work]] +[[Non-Disclosure Agreement]] +[[Request for Information (RFI)]] + ## Resources 1. Define budgeting requirements for the campaign. @@ -31,7 +41,8 @@ Example: PCI DSS ## Product/Report Establish reporting guidelines -[[REPORT TEMPLATE]] + +[[PENTEST REPORT TEMPLATE]] ## Technical Constraints diff --git a/templates/ASSET INVENTORY.md b/templates/ASSET INVENTORY.md new file mode 100644 index 0000000..5964f26 --- /dev/null +++ b/templates/ASSET INVENTORY.md 
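Review bot: The new scope bullet `- Surface area of engagement` and the new Compliance bullet `- Strictly defined surface area of engagement` state the same requirement twice, and the second sits under a heading about regulatory compliance (the PCI DSS example) while the documents linked beneath it — [[Statement of Work]], [[Non-Disclosure Agreement]], [[Request for Information (RFI)]] — are contractual rather than regulatory artifacts. I'd keep a single bullet in the scope list and move the three legal links under their own heading, e.g. `## Authorization / Rules of Engagement`, with a line noting that the written authorization must name the in-scope assets, IP ranges and testing window before any testing starts. The added line `Identify Protected Assets` is neither a heading nor a bullet; `- Identify protected assets (see [[ASSET INVENTORY]] and [[RISK REGISTER]])` keeps it consistent with the surrounding list style.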
@@ -0,0 +1,28 @@
+
+*Assets are classified by the sensitivity category and access level.*
+
+| **CATEGORY** | **ACCESS** |
+| --------------- | ------------------------- |
+| *Restricted* | Need-to-know |
+| *Confidential* | Limited to specific users |
+| *Internal-only* | Users on-premises |
+| *Public* | Anyone |
+
+### Physical Assets
+
+| | ASSET | NET ACCESS | OWNER | LOCATION | NOTES | SENSITIVITY |
+| --- | ---------------- | ---------- | ------------------------------- | ------------------- | --------------------------------------------------------------------------------------------------- | ------------- |
+| 1 | Network router | Continuous | Internet service provider (ISP) | On-premises | Has a 2.4 GHz and 5 GHz connection. All devices on the home network connect to the 5 GHz frequency. | Confidential |
+| 2 | Desktop | Occasional | Homeowner | On-premises | Contains private information, like photos. | Restricted |
+| 3 | Guest smartphone | Occasional | Friend | On and Off-premises | Connects to my home network. | Internal-only |
+| 4 | | | | | | |
+| 5 | | | | | | |
+| 6 | | | | | | |
+
+### Digital Assets
+
+| | ASSET | NET ACCESS | OWNER | LOCATION | NOTES | SENSITIVITY |
+| --- | --------------- | ---------- | ----------- | ------------ | --------------------- | ------------- |
+| 1 | CRM Database | Countinus | Management | Azure PG | - | Confidential |
+| 2 | Figma Templates | VPN | Design Team | Google Cloud | intellectula property | Internal-Only |
+| 3 | | | | | | |
diff --git a/templates/INCIDENT REPORT TEMPLATE.md b/templates/INCIDENT REPORT TEMPLATE.md
new file mode 100644
index 0000000..a028fe6
--- /dev/null
+++ b/templates/INCIDENT REPORT TEMPLATE.md
@@ -0,0 +1,13 @@
+
+
+| | |
+| ------------------------------------------------------------------------------------------------------------------------------------------------------------ | --- |
+| Section 1: Identify the type of attack that may have caused this 
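Review bot: The sensitivity labels in the asset tables do not match the classification table that defines them: the Figma Templates row uses `Internal-Only` while the category is defined as `*Internal-only*`, which breaks any filter or sort on that column; the same table also has `Countinus` for `Continuous` and `intellectula property` for `intellectual property`. The Physical Assets sample rows describe a home network (`Homeowner`, `Connects to my home network`) while the Digital Assets rows describe a business (CRM database, design team), so a reader cannot tell which example organisation the template is modelling — pick one, or leave the rows empty and put the examples in the NOTES column. The access definition `*Internal-only* | Users on-premises` ties classification to network location, which the `VPN` row already contradicts; `Authenticated employees (on-premises or via VPN)` describes the intended control rather than the location. A column for the data owner's classification date or review cadence would also help, since the inventory is linked from the planning note as the scope source.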

network interruption | | +| One potential explanation for the website's connection timeout error message is:



The logs show that: 



This event could be: | | + + + +| | +|---| +|Section 2: Explain how the attack is causing the website to malfunction| +|When website visitors try to establish a connection with the web server, a three-way handshake occurs using the TCP protocol. Explain the three steps of the handshake:

1.



2. 



3.



Explain what happens when a malicious actor sends a large number of SYN packets all at once:



Explain what the logs indicate and how that affects the server:| \ No newline at end of file diff --git a/templates/REPORT TEMPLATE.md b/templates/PENTEST REPORT TEMPLATE.md similarity index 100% rename from templates/REPORT TEMPLATE.md rename to templates/PENTEST REPORT TEMPLATE.md diff --git a/templates/RISK REGISTER.md b/templates/RISK REGISTER.md new file mode 100644 index 0000000..8c99dfc --- /dev/null +++ b/templates/RISK REGISTER.md 
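Review bot: The template is bound to a single scenario — Section 1 presupposes a `network interruption` and a `website's connection timeout error`, and Section 2 walks the author through the TCP three-way handshake and `a large number of SYN packets` — so it only fits a SYN-flood write-up and cannot be reused as a general incident report. The fields a responder actually fills in are missing: incident identifier, date/time of detection, detection source (which logs or alerts), affected assets (a link to [[ASSET INVENTORY]]), attack type and indicators, impact, containment and recovery actions, and lessons learned; the SYN-flood questions could stay as a worked example in a separate note. The `Section 1` and `Section 2` cells contain hard line breaks inside markdown table cells, which most renderers do not support — use `<br>` or move the prompts out of the tables into headed sections. The file also ends without a trailing newline.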
@@ -0,0 +1,44 @@
+
+### Operational environment:
+
+The bank is located in a coastal area with low crime rates. Many people and systems handle the bank's data—100 on-premise employees and 20 remote employees. The customer base of the bank includes 2,000 individual accounts and 200 commercial accounts. The bank's services are marketed by a professional sports team and ten local businesses in the community. There are strict financial regulations that require the bank to secure their data and funds, like having enough cash available each day to meet Federal Reserve requirements.
+
+
+
+
+| | | | | | |
+|---|---|---|---|---|---|
+|Asset|Risk(s)|Description|Likelihood|Severity|Priority|
+|Funds|Business email compromise|An employee is tricked into sharing confidential information.||||
+|Compromised user database|Customer data is poorly encrypted.||||
+|Financial records leak|A database server of backed up data is publicly accessible.||||
+|Theft|The bank's safe is left unlocked.||||
+|Supply chain disruption|Delivery delays due to natural disasters.||||
+|Notes|How are security events possible considering the risks the asset faces in its operating environment?| | | | |
+
+
+
+
+Asset: The asset at risk of being harmed, damaged, or stolen.
+
+Risk(s): A potential risk to the organization's information systems and data.
+
+Description: A vulnerability that might lead to a security incident.
+
+Likelihood: Score from 1-3 of the chances of a vulnerability being exploited. A 1 means there's a low likelihood, a 2 means there's a moderate likelihood, and a 3 means there's a high likelihood.
+
+Severity: Score from 1-3 of the potential damage the threat would cause to the business. A 1 means a low severity impact, a 2 is a moderate severity impact, and a 3 is a high severity impact.
+
+Priority: How quickly a risk should be addressed to avoid the potential incident. 
Use the following formula to calculate the overall score: Likelihood x Impact Severity = Risk + +## Sample risk matrix + +--- + + +| | | | | +|---|---|---|---| +||Low

1|Moderate

2|Catastrophic

3| +|Certain

3|3|6|9| +|Likely

2|2|4|6| +|Rare

1|1|2|3|
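Review bot: Every register row after `Funds` is one cell short — `|Compromised user database|Customer data is poorly encrypted.||||` has five cells under a six-column header, so `Compromised user database` lands in the Asset column and its description shifts into Risk(s). Presumably each row was meant to start with an asset, e.g. `|Customer data|Compromised user database|Customer data is poorly encrypted.||||` and `|Backups|Financial records leak|A database server of backed up data is publicly accessible.||||`; markdown tables cannot merge cells, so if `Funds` was meant to span the rows, repeat the asset name. The scoring text is inconsistent with the table: the formula reads `Likelihood x Impact Severity = Risk` while the column is called `Priority`, and the matrix labels (`Catastrophic`, `Certain`) do not match the low/moderate/high wording of the 1-3 scales — renaming the column to `Risk score (L x S)` and using the same labels in both places removes the ambiguity. `Business email compromise` is described as `An employee is tricked into sharing confidential information`, which reads as generic phishing; if the asset at risk is `Funds`, the description should mention fraudulent payment or wire instructions, which is what typically distinguishes BEC.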