Advanced: Create a test bed that mimics a production environment for specific Red Team attacks against elements that are not typically tested in production, such as attacks against SCADA and other control systems.
Critical Control 18: Incident Response Capability
A great deal of damage has been done to organizational reputations and a great deal of information has been lost in organizations that do not have fully effective incident response programs in place.
The National Institute of Standards and Technology (NIST) has released detailed guidelines for creating and running an incident response team in Special Publication 800-61, available at http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf. Among the most important elements included in these guidelines are:
QW: Develop written incident response procedures, which include a definition of personnel roles for handling incidents. The procedures should define the phases of incident handling consistent with the NIST guidelines cited above.
QW: Assign specific individuals job titles and duties for handling computer and network incidents.
QW: Define the management personnel who will support the incident handling process within each organization, acting in key decision-making roles.
QW: Devise organization-wide standards for the time required for system administrators and other personnel to report anomalous events to the agency incident handling team, the mechanisms for such reporting, and the kind of information that should be passed in the incident notification. This reporting should also include notifying US-CERT in accordance with federal requirements for involving that organization in computer incidents.
QW: Publish information to all personnel, including employees and contractors, regarding reporting computer anomalies and incidents to the incident handling team. Include such information in routine employee awareness activities.