Profiling organizational risks
In the previous chapter, we put on an attacker mask, peering into their world and understanding their motivations, tactics, and tools. Now, you will leverage this newfound knowledge to delve into your organization’s unique security landscape. This section empowers you to embark on a risk profiling journey, but with a crucial twist: we’ll approach it through the adversarial lens.
The nature of data that an organization handles influences the primary threat actors targeting its systems. For instance, widely used software or services such as Microsoft Office and Google Chrome may be subject to ongoing threats from state-sponsored attackers [1]. To delve deeper into what this really means, when defending a system, it is imperative for the defender to pose a fundamental question: what are the potential consequences if an adversary successfully compromises our software or systems? This question serves as a precursor to the discussions in the...
