Introduction

What is a War-game exercise and how does it differ from other security assessment models such as audits, vulnerability assessments, and risk assessments?



The key differentiators for a War-game exercise are as follows:

It begins by envisaging various compromise scenarios

It then gets into understanding the controls to prevent, detect, and respond in each of the above scenarios

It is a joint brainstorming exercise with the consulting team, the IT team, and the security teams

It is shorter than an audit engagement – typically lasting 3-4 days of onsite effort

As it is a collaborative exercise, the teams cooperate more and better solutions are arrived at

The War-Game assessment by Network Intelligence has the following phasesSince the assessment is an aggressive evaluation of state of network and security controls, it is necessary that all data is available at hand. A walk-through of the existing controls is taken; post which interviews are conducted with respective stake-holders to understand existing processes.Data samples and configurations are evaluated at each step for different security controls – like IPS, Firewall, DLP – to identify if common mis-configurations have been avoided. Additionally, samples are gathered for standard processes – like log management, internet access, DLP alerts etc.A cross-reference is built up of possible threat scenarios against the organization considering the vulnerabilities identified during the previous phases, as demonstrated below:A war-game exercise carried out by an experienced team with a well-defined playbook and hundreds of case studies under its belt will benefit you in a number of ways:Instead of an audit that is carried out on the basis of a well-defined policy and procedure framework or an international standard such as ISO 27001, the war-game exercise gets the participants to brainstorm on actual hacking scenarios. As a result, issues can be discussed threadbare and controls evaluated on the fly.Since, this exercise is not a typical audit, the usual barriers from the IT and security teams are not there. There is a far higher level of cooperation amongst the participants and a sense to arrive at solutions rather than blame individuals or systems.A war-game exercise is able to identify real security issues and arrive at practical solutions far more quickly than a typical audit exercise. An audit might last for 4-6 weeks, whereas a war-game typically lasts for 3-4 days of onsite work and another 4-5 days for preparing the final report.This assessment will help develop an Information Security Strategy by identifying focus and growth areas, as well as best practices in the implementation of the strategy.