This book originates from the authors’ experience in conducting security incident simulations within companies. The scenarios described are always based on real cases, modified to make them unrecognizable while still usable as tabletop exercises.
The goal is to analyze the organization’s response to specific incidents, highlighting technical, organizational, and procedural difficulties and shortcomings.
The exercises are structured as dialogues between a CISO and their Mentor, and these dialogues actually took place. The starting point is a fictional company where the CISO works, envisioned as an international manufacturing company with a developed IT infrastructure primarily tied to SAP technologies and internal applications. The IT team is internal and relies on an outsourced SOC service.
The workbook is divided into the following chapters: