Security Playbooks Diagrams
Playbooks are best described in diagrams. In May 2017, a Google image search for ‘Security Playbooks’ did not return a helpful set of Security Playbook diagrams that could be easily used and adopted.
This Working Session will assess, create, and publish diagrams of Security Playbooks.
Ayehu’s site has a really good example of what these diagrams could look like.
The Phantom product seems to have native Playbook support (which can also be scripted).
Threat Connect also looks interesting.
- Create and publish multiple Security Playbooks Diagrams
- Diagrams of Security Playbooks published
Synopsis and Takeaways
We discussed how best to visualise the information contained in a playbook, realising that without data, we are restricted to process flows.
OWASP is proactive, but we recognise that certain situations are reactive by nature – you can only start to solve a problem after it has manifested.
We agreed that Playbooks should include process diagrams, but only where necessary. It is difficult to come up with diagrams without data, and data usually comes after the playbook has been followed (e.g., pen-test, bug bounty).
We also agreed that we should create iconography for different audiences to help readers define the scope of the playbook: either
- The buyer or end-user, or
- The person who has to follow the process, or
- The person who has to take the result of the process and deal with the outcome (analyse, distil, process).
- Security teams
- Top 5 Cyber Security Incident Response Playbooks
- Multiple Simultaneous Logins
- Ransomware Cryptolocker Infection Protection
- Playbook Series: Enrich Security Events with External Threat Intelligence
- ThreatConnect Playbook Actions: Be More Efficient and Gain Control with Automated Actions
- Playbooks related posts in Phantom’s website
- COPS - Collaborative Open Playbook Standard
Here are the current ‘work in progress’ materials for this session
1. Introduction and purpose
2. Executive summary
3. Playbook (template table)
4. Global glossary