It's your what in a box? Here's a thing to make your bosses think about malware responses
Ever-exciting Cabinet Office minister David Lidington has put his name to a new infosec response testing tool developed by the NCSC, called (wait for it) Exercise in a Box.
In a speech due to be delivered to the Cyber UK conference in Glasgow later today, Lidington will inform the world: "This new free online tool will be critical in toughening the cyber defences of small businesses, local government, and other public and private sector organisations."
Exercise in a Box, or so Lidington will say, "provides scenarios based on common cyber threats facing the UK, which organisations can practice in their own time, in a safe environment, as many times as they want". You can pick from a technical simulation or a tabletop discussion.
"Just like having a fitness tracker, the tool enables players to monitor their progress," burbled the Cabinet Office in its explanation of the tool.
We do not yet know if it's available on Xbox or Apple Watch but doubtless readers will want to seek further information for themselves about that.
Gentle mockery aside, the idea is to get organisations large and small thinking about what to do if when Something Bad Happens to their IT infrastructure, whether as a result of drive-by ransomware or a targeted attack. Although the version currently available from the NCSC website was developed for SMEs and the emergency services, we are told the general concepts can be applied to most other organisations too.
"By practising your defence and response mechanisms, you can understand how effective they really are and where there are areas for improvement," said NCSC chief exec Ciaran Martin in a canned quote. "We're committed to building the UK's cyber resilience and continuing our work to make the country the hardest possible target for our adversaries."
As NCSC tech director Ian Levy expressed the underlying problem while talking to the press yesterday about industrial control malware: "There's kind of a mantra in the cybersecurity community that says [people working on safety critical systems] will never patch because they're just too scared to ever patch anything. There's a mantra in the [Operational Technology] world that says cybersecurity are cowboys because they patch instantly. It's about bringing them together and having that conversation."
It might not be as exciting as Stuxnet or zero-day vulns ("Why use a zero-day if you can spearphish an admin and log in from the internet?" asked Levy, rhetorically) but getting the less security-aware parts of the UK more savvy about infosec practices can only be a good thing.
Industry: Cyber Security
- CONTRACT SIEM Cyber Security Operations Engineer. REMOTE OUTSIDE IR35
- United Kingdom
REFCH8165 CONTRACT SIEM Cyber Security Operations Engineer. REMOTE UK SIEM Engineer. 6 month Contract. OUTSIDE IR35 Working towards a "SOC 2" environment. CLOUD (AWS) experience essential. Three key functions; Monitor, Escalate and Triage incidents. Vulnerability Management / threat intel. SIEM configuration / management, review, enhancement More specifically; Work with internal teams to identify assets. Identity applicable threat feeds and work with internal teams to remediate. Patch Patch Patch. (Help mature process / identify gaps) Configuration / fine tuning of SIEM alerts. Create dashboards, Compliance reporting. Log ingestion. Experience across ISO27001 / SOC2 / SIEM / End Point Security is essential Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Cyber Security Operations Engineer. REMOTE UK. SOC2
- United Kingdom
REF8164 Cyber Security Operations Engineer. REMOTE UK Internal opportunity. New position. Exclusive to DCL Search. You will be the hands on technical eyes and ears of the Cyber security capability actively working to ensure and enhance the adherence to ISO27001 and "SOC 2" controls. You role will touch on the following · Security Monitoring- SIEM · Vulnerability Management / Testing · Incident Management · Asset management · Disaster Recovery planning · Change Management AWS Cloud experience is essential as is the ability to ensure patch management is prioritised across the business. Any CLOUD SIEM experience highly desirable. Contact me today for more information Chris.Holt@dclsearch.com Or 07884666351
- Lead Security Architect
- United Kingdom
Engage with key clients in an Architectural / technical presales capacity. Including Stakeholders, end users / partners. Working on new and existing Security projects to confirm that proposed solutions are fit for purpose from both a technical and regulatory capacity. Working closely with multiple vendor . Managed security service background ideal CLOUD Security (AZURE OR AWS), IDAM background ideal.
- Threat Vulnerability Management Analyst
- United Kingdom
To monitor, identify and alert internal teams of cyber threats and vulnerabilities. MIRE Att&ck, CIS, OWASP, Vulnerability management tools MUST be able to commute to central London MUST be able to achieve UK SC Clearance. On going support and development.