Regularly Validating Security Controls with Breach and Attack Simulation

Regularly Validating Security Controls with Breach and Attack Simulation   Validating Security Controls is of vital importance for all organisations and is mandated by Cyber Security Frameworks like National Institute of Standards and Technology (N.I.S.T.) who offer a simple high-level way to do this using 5 steps:   IDENTIFY (CROWN JEWELS) PROTECT DETECT RESPOND RECOVER   To emphasise the importance of validating Security Control on a regular basis think of pilots doing a pre-flight check and inspection of their aircraft. Not performing these checks and inspections could lead to a loss of license for the pilots and the airline as it is mandatory and so should validating your organisation’s Security Controls. Simplistically you start by Identifying a Crown Jewel which could be an Endpoint, A Domain Controller or a Business Application. The next step is to detail and understand the attack vectors, which could be infiltration via email or a