Back to all methodsPreparation
Preparation
Summary
This component consists of audit preparation activities that are needed to ensure the components of the audit are able to be conducted effectively and within the on-site time-frame.
Purpose
A SAFETAG audit has a short time frame. Preparation is vital to ensure that time on the ground is not spent negotiating over the audit scope, updating the auditor's systems, searching for missing hardware, or refreshing oneself with the SAFETAG framework. Preparatory discussions with the host organization help reveal if the organization has the capacity to undertake the audit and respond to its findings.
Guiding Questions
- Does the organization have existing digital security practices or has it attempted to implement them in the past?
- What agreements will govern the audit?
- What will be the procedure for incident handling in the event that the auditor causes or uncovers an incident during the course of the assessment?
- What are the legal, physical, or social risks for the auditor & organization associated with conducting the audit or having audit results leak? pets_legal_considerations
- Does the security situation of the location or organization require additional planning? Are your software tools up to date and working as expected?
Operational Security
- Prepare Systems: Update and test your systems, A/V and audit toolslatest_version_of_tools, prepare storage devices and systems to reflect the required operational security, and ensure you have power supply adapters, cables and relevant adapters, usb drives, external wireless cards and any other equipment needed for testing.
- Prepare for Travel: Check travel logistics if needed -- visa, letter of invitation, travel tickets and hotel reservations. Note that some visas can take significant effort and may require the auditor to be without a passport while they are being processed.
- Carefully consider packing needs and explanations travel_kit_appendix^,^nist_sp_800-115-travel_prep
Outputs
- An agreement with the organisation to receive the audit including scope, timeframe, confidentiality clauses, operational security measures or minimums, and points of contact.
- Systems updated and ready for testing.
- A custom password dictionary password_dictionary_resources (if password cracking activities expected).
- Risks to host and auditor conducting a SAFETAG audit.
- Modifications to the audit plan as necessary.
- Any Visas or paperwork needed, plus travel arragements (tickets, hotels) for auditor travel.
- A travel kit. travel_kit_appendix^,^nist_sp_800-115-travel_prep
In case audit involves travel:
References
- Tip Sheet: Facilitator Preparation Tips ( Integrated Security )
- Resource List: Password Dictionary Creation Resources (SAFETAG)
- Resource List: Social Engineering Resources (SAFETAG)
- Tip Sheet: Facilitator Preparation Tips ( Integrated Security )
- Guidelines: "Facilitator Guidelines" (Aspiration Tech)
- Guide: "Session_Design" (Aspiration Tech)
- Kit: "Resource Kit" (eQualit.ie)
- Questions: "Pre-Event_Questions" (Aspiration Tech)
- Guide: "Break Outs" (Aspiration Tech)
- Resources: "Be a Better Trainer" (Level-up)
- Standard: "Pre-Engagement" (The Penetration Testing Execution Standard: Pre-Engagement Guidelines)
- Template: Pre-Inspection Visit ( VulnerabilityAssessment.co.uk)
- Template: "Rules of Engagement Template" (NIST SP 800-115)
- Article: "The Difference Between a Vulnerability Assessment and a Penetration Test" (Daniel Miessler)
- Article: "Vulnerability Assessment and Penetration Testing" (gosafe)
- Article: "Legal Issues in Penetration Testing"
- Documentation: "John the Ripper password cracker" (OpenWall)
- Password Dictionaries: "Password dictionaries" (Skull Security)
- Project Site: "CeWL - Custom Word List generator" (Robin Wood)
- Presentation: "Supercharged John the Ripper Techniques" (Rick Redman - KoreLogic)
- Project Site: "Hashcat: advanced password recovery" (hashcat.net)
- Guide: "KoreLogic's Custom rules" (Rick Redman - KoreLogic)
- Guide: "Creating custom username list & wordlist for bruteforciing" (Nirav Desai)
- Source Code: "JohnTheRipper: bleeding-jumbo branch"
- Standard: "Pre-Engagement" (The Penetration Testing Execution Standard: Pre-Engagement Guidelines)
- Template: Pre-Inspection Visit ( VulnerabilityAssessment.co.uk)
- Guide: "Six Stages of Incident Response" (CSO Online: Anthony Caruana)
- Guide: "Threat Hunting Project" (http://www.threathunting.net)
- Resource: "Media Legal Defense Initiative" (Media Legal Defense Initiative)
- Guide: "Security Incident Information Management Handbook" (RedR UK)
- Guide: "Six Stages of Incident Response" (CSO Online: Anthony Caruana)
- Guide: "Threat Hunting Project" (http://www.threathunting.net)
Preparation:
Facilitation Preparation:
Creating Agreements and Rules of Engagement:
Password Dictionary Creation:
Other Pre-Engagement Resources:
Incident Handling Resources:
Legal Considerations:
Data Security Standards:
Sensitive Data & Information Guides:
Incident Handling Resources:
Activities
Assessment Plan_
This component allows an auditor and host to come to an understanding of the level of access that an auditor will have, what is off limits…Confidentiality Agreement_
Negotiate an agreement with the organization that outlines how an auditor will protect the privacy of the organization and the outcomes of…Incident Response and Emergency Contact_
Incident Response within the context of an audit refers to setting up a procedure for handling incidents during an audit in the event the…Regional Context Research_
This exercise focuses on research and re-confirmation of regional issues from general trends to specific legal restrictions and safety…Technical Context Research_
This exercise focuses on research into the technical capacity of potential threat actors, including both historical attack data and any…Audit Timeline and Planning_
This section provides guidance on creating a realistic audit timeline for your assessment plan.