Methodologies
Security Methodologies are structured approaches and frameworks used to manage, analyze, and address security risks and challenges, providing guidelines, best practices, and processes to help organizations protect their information systems and data effectively.
Penetration testing frameworks provide structured approaches for evaluating the security posture of systems and networks across different environments. Here are some of the most well-known:
Threat modeling helps to identify, assess, and prioritize potential threats to a system, application, or network. The primary goal is to understand the security risks associated with a system and develop strategies to mitigate those risks.
Some strategies that apply this methodology are:
STRIDE: Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of Service, and Elevation of privileges
PASTA: Process for Attack Simulation and Threat Analysis, a risk-centric threat modeling methodology that focuses on the probability of each attack
Incident response covers the processes used by organizations to prepare for, detect, respond to, and recover from cybersecurity incidents and breaches. The main steps of this methodology are:
Preparation: Evaluate what resources and plans are available to deal with the security incident
Identification: Determine if the threat and the threat actor have been correctly identified
Containment: Determine if a threat can be contained to prevent other systems or users from being impacted
Eradication: Remove the active threat, and block the entry points
Recovery: Perform a full review of impacted systems to return to business-as-usual operations
Lessons Learned: The things that can be learned from the incident and how to improve security in the system
Open Source Security Testing Methodology Manual: focuses on Telecommunications, Wired Networks, and Wireless communications
Framework focused on adversary tactics, techniques, and procedures, used by offensive security professionals, incident responders, and threat-hunting teams. It offers matrices that categorize attacks and list the tactics and techniques related to them in various areas
Open Web Application Security Project: community-driven, used solely to test the security of web applications and services
Cybersecurity Framework: improves organizations' cybersecurity standards and manages the risk of cyber threats; provides guidelines on security controls and benchmarks for success
Cyber Assessment Framework: an extensive framework of fourteen principles used to assess the risk of various cyber threats and an organization's defenses against these