Methodologies

Security Methodologies are structured approaches and frameworks used to manage, analyze, and address security risks and challenges, providing guidelines, best practices, and processes to help organizations protect their information systems and data effectively.

Penetration Testing Frameworks

Penetration testing frameworks provide structured approaches for evaluating the security posture of systems and networks across different environments. The list below mixes true testing methodologies (OSSTMM, OWASP) with broader knowledge bases and governance frameworks (ATT&CK, NIST CSF, NCSC CAF) that testers are commonly asked to map their findings to. Some of the most well-known:

  • OSSTMM: Open Source Security Testing Methodology Manual, an operational security testing methodology covering five channels: human, physical, wireless, telecommunications, and data networks

  • MITRE ATT&CK: a knowledge base of adversary tactics, techniques, and procedures observed in real intrusions, used by red teams for adversary emulation and by incident responders and threat hunters to measure detection coverage. Its matrices (Enterprise, Mobile, ICS) group techniques under the tactic (the adversary's goal, such as Initial Access or Persistence) they serve

  • OWASP: Open Worldwide Application Security Project (formerly Open Web Application Security Project), a community-driven foundation whose projects, such as the Top 10, the Web Security Testing Guide (WSTG), and the Application Security Verification Standard (ASVS), are used to test web applications, APIs, and mobile apps; it is not limited to web applications

  • NIST CSF 1.1: NIST Cybersecurity Framework, a risk-management framework rather than a testing methodology, organized into five functions (Identify, Protect, Detect, Respond, Recover) that provide guidance on security controls and a way to benchmark maturity. Version 2.0 (February 2024) supersedes 1.1 and adds a sixth function, Govern

  • NCSC CAF: NCSC Cyber Assessment Framework, fourteen principles grouped under four objectives (managing security risk, protecting against cyber attack, detecting cyber security events, minimising the impact of incidents), used to assess how well an organization manages the cyber risk to its essential functions

Threat Modelling

Threat modelling helps to identify, assess, and prioritize potential threats to a system, application, or network. The primary goal is to understand the security risks associated with a system (what is being built, what can go wrong, and what will be done about it) and develop strategies to mitigate those risks before the system is deployed.

Some strategies that apply this methodology are:

  • STRIDE: Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of Service, and Elevation of privilege; each category is the violation of a security property (authentication, integrity, non-repudiation, confidentiality, availability, and authorization respectively), which makes STRIDE a checklist to run against every element of a data-flow diagram

  • PASTA: Process for Attack Simulation and Threat Analysis, a risk-centric, seven-stage methodology that starts from business objectives, decomposes the application, and simulates attacks to estimate the likelihood and impact of each threat rather than just enumerating them
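As an added illustration of STRIDE in practice (this is example code written for this page, not part of the original text or of any tool), the script below applies the STRIDE-per-element table (external entity, process, data store, data flow) from the Microsoft SDL / Shostack approach to a small constructed data-flow diagram: a browser in an untrusted zone talking to a login API that queries a user database. The sample system, the zone names and the rule that anything touching a trust-boundary crossing is "high" priority are assumptions made for the example.

```python
"""STRIDE-per-element threat enumeration over a tiny data-flow diagram.

Added example for this page. The PER_ELEMENT mapping is the commonly
published STRIDE-per-element table; the sample system in sample_model()
and the priority rule are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Which STRIDE categories normally apply to each DFD element type.
PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external_entity", "process" or "data_store"
    zone: str   # trust zone the element lives in (assumed names)


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

    def crosses_boundary(self) -> bool:
        # A flow between different trust zones crosses a trust boundary.
        return self.src.zone != self.dst.zone


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    priority: str   # "high" when exposed across a trust boundary, else "medium"


def enumerate_threats(elements, flows):
    """Return one Threat per (element or flow, applicable STRIDE category)."""
    crossing = [f for f in flows if f.crosses_boundary()]
    exposed = {f.src.name for f in crossing} | {f.dst.name for f in crossing}
    threats = []
    for e in elements:
        prio = "high" if e.name in exposed else "medium"
        threats += [Threat(e.name, STRIDE[c], prio) for c in PER_ELEMENT[e.kind]]
    for f in flows:
        prio = "high" if f.crosses_boundary() else "medium"
        threats += [Threat(f.name, STRIDE[c], prio) for c in PER_ELEMENT["data_flow"]]
    return threats


def summarize(threats):
    """Count threats per priority, e.g. Counter({'high': 11, 'medium': 7})."""
    return Counter(t.priority for t in threats)


def sample_model():
    """Constructed DFD: untrusted browser -> login API -> users DB."""
    browser = Element("browser", "external_entity", "internet")
    api = Element("login-api", "process", "backend")
    users = Element("users-db", "data_store", "backend")
    flows = [
        Flow("credentials (browser->login-api)", browser, api),   # crosses boundary
        Flow("user lookup (login-api->users-db)", api, users),    # same zone
    ]
    return [browser, api, users], flows


if __name__ == "__main__":
    elements, flows = sample_model()
    threats = enumerate_threats(elements, flows)
    for t in sorted(threats, key=lambda t: (t.priority != "high", t.target)):
        print(f"{t.priority:6} {t.target:40} {t.category}")
    print(summarize(threats))
```

The output is the raw threat list a modelling session starts from; the real work is deciding, per row, whether an existing control covers it (TLS on the credential flow, audit logging on the data store) or whether a new mitigation or an accepted risk is needed.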

Incident Response

Processes used by organizations to prepare for, detect, respond to, and recover from cybersecurity incidents and breaches. The six core steps below are the SANS incident-handling cycle (often abbreviated PICERL); NIST SP 800-61 describes the same activities in four phases:

  • Preparation: Put in place the people, plans, tooling, and logging needed before an incident happens (contact lists, runbooks, access to logs and backups), and verify they actually work

  • Identification: Detect that an incident is occurring, confirm it is not a false positive, and establish its scope: which systems and accounts are affected, when it started, and what the threat actor did

  • Containment: Stop the incident from spreading while preserving evidence, for example by isolating affected hosts, blocking attacker infrastructure, or disabling compromised accounts, without tipping the attacker off prematurely

  • Eradication: Remove the active threat (malware, persistence mechanisms, attacker-created accounts) and close the entry points that were used

  • Recovery: Restore impacted systems from known-good state, validate that they are clean, and monitor them closely while returning to business-as-usual operations

  • Lessons Learned: Hold a post-incident review of the timeline, what worked, what did not, and which detections, controls, or processes need to improve
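The Identification and Containment steps above, as an added worked example (code written for this page, not from any of the frameworks it lists): a small detector reads constructed sshd-style authentication lines, opens an incident for any source address that exceeds a threshold of failed logins inside a sliding time window, escalates it if that same source later authenticates successfully (the brute force probably worked), and derives the containment actions from the incident record. The log format is a simplified one constructed for the example, and the 5-failures-in-60-seconds threshold is an assumption, not a recommended value.

```python
"""Brute-force identification and containment planning over sample auth logs.

Added example for this page. SAMPLE_LOG is constructed; the line format is a
simplified sshd-style format with an ISO timestamp, not real syslog output.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: (Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed sample: 203.0.113.7 fails six times then succeeds as "deploy";
# 198.51.100.20 is a user who mistyped once; 192.0.2.5 is a normal key login.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z sshd[911]: Failed password for root from 203.0.113.7 port 51234 ssh2
2024-05-01T10:00:04Z sshd[911]: Failed password for root from 203.0.113.7 port 51235 ssh2
2024-05-01T10:00:07Z sshd[912]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
2024-05-01T10:00:09Z sshd[913]: Failed password for deploy from 203.0.113.7 port 51237 ssh2
2024-05-01T10:00:12Z sshd[914]: Failed password for deploy from 203.0.113.7 port 51238 ssh2
2024-05-01T10:00:15Z sshd[915]: Failed password for deploy from 203.0.113.7 port 51239 ssh2
2024-05-01T10:00:18Z sshd[916]: Accepted password for deploy from 203.0.113.7 port 51240 ssh2
2024-05-01T10:01:00Z sshd[917]: Failed password for alice from 198.51.100.20 port 40001 ssh2
2024-05-01T10:01:05Z sshd[917]: Accepted password for alice from 198.51.100.20 port 40001 ssh2
2024-05-01T10:02:00Z sshd[918]: Accepted publickey for bob from 192.0.2.5 port 40002 ssh2
"""


def parse_line(line):
    """Return (timestamp, outcome, user, source_ip), or None for other lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, outcome, user, src = m.groups()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), outcome, user, src


def identify(lines, threshold=5, window_seconds=60):
    """Identification step: one incident per source exceeding `threshold`
    failures inside a sliding `window_seconds` window. A later successful
    login from that source marks the account as compromised (severity high)."""
    recent = defaultdict(deque)     # src -> failure timestamps inside the window
    total_failures = Counter()      # src -> all failures seen
    attempted = defaultdict(set)    # src -> usernames tried
    incidents = {}                  # src -> incident record
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, outcome, user, src = parsed
        if outcome == "Failed":
            total_failures[src] += 1
            attempted[src].add(user)
            q = recent[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()         # drop failures that fell out of the window
            if len(q) >= threshold:
                inc = incidents.setdefault(src, {
                    "source": src, "first_seen": q[0], "severity": "medium",
                    "targeted_users": attempted[src], "compromised_users": set(),
                })
                inc["last_seen"] = ts
                inc["failures"] = total_failures[src]
        elif outcome == "Accepted" and src in incidents:
            inc = incidents[src]
            inc["compromised_users"].add(user)
            inc["severity"] = "high"
            inc["last_seen"] = ts
    return list(incidents.values())


def containment_plan(incident):
    """Containment/eradication actions derived from the record. The wording is
    illustrative; in a real runbook each maps to a firewall, IdP or ticket API."""
    actions = [f"block {incident['source']} at the perimeter firewall"]
    for user in sorted(incident["compromised_users"]):
        actions.append(f"disable account {user} and revoke its active sessions")
        actions.append(f"review commands and logins by {user} since "
                       f"{incident['first_seen']:%Y-%m-%dT%H:%M:%SZ}")
    if not incident["compromised_users"]:
        actions.append("rate-limit or lock the targeted accounts: "
                       + ", ".join(sorted(incident["targeted_users"])))
    return actions


if __name__ == "__main__":
    for inc in identify(SAMPLE_LOG.splitlines()):
        print(f"[{inc['severity']}] {inc['source']}: {inc['failures']} failures, "
              f"compromised={sorted(inc['compromised_users'])}")
        for action in containment_plan(inc):
            print("  -", action)
```

Note what the example deliberately does not do: the single failure from 198.51.100.20 never becomes an incident, which is the false-positive filtering the Identification step is about, and the successful login after the burst is what turns a noisy brute-force alert into a confirmed compromise that justifies disabling an account rather than just blocking an address.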

Security controls

Security controls are safeguards or countermeasures prescribed for information systems, designed to minimize or manage risks. These controls are implemented to prevent, detect, and correct threats or vulnerabilities, and are fundamental components of any robust cybersecurity framework.

They are usually classified along two independent axes: by function (what the control does) and by type (how it is implemented). A single control sits on both, for example a firewall is preventive and technical, a CCTV camera is detective and physical, and a security awareness policy is preventive and administrative.

By function:

  • Preventive: Designed to inhibit security incidents before they happen. They focus on stopping security breaches and minimizing the possibility of threats exploiting vulnerabilities (access control, input validation, encryption)

  • Detective: Help identify and alert administrators to incidents that have occurred or are in progress. These measures don't prevent incidents, but discover security events quickly enough to respond (logging, intrusion detection, integrity monitoring)

  • Corrective: Aim to limit the extent of damage after a security incident, restore normal operations, and address vulnerabilities to prevent recurrence (backups, patching, incident response procedures)

By type:

  • Technical: Implemented in hardware or software, such as authentication mechanisms, firewalls, and encryption

  • Administrative: Based on organizational policies, procedures, and regulatory guidelines. They focus on the human element of security, influencing the way people act within an organization

  • Physical: Safeguard the physical environment and elements, such as locks, badges, guards, and cameras
