A brief look at the updated TIBER-EU framework with DORA TLPT coming into play. In our previous post, we have discussed the âtransitionâ from TIBER to TLPT (Threat-Led Penetration Testing), highlighting some differences between the previous TIBER specification and the requirements as indicated by DORA. This is mostly just a change in terminology. We concluded … Continue reading Whatâs new for TIBER-EU?
Introduction In our previous post, we published an analysis of current TIBER implementations ahead of DORA's TLPT requirements. To recap, this contained: An overview of existing TIBER implementations (situation mid-2024) A comparison of the respective guidance documents w.r.t. major building blocks, such as the generic threat landscape, purple teaming, leg-ups, scenario X Assurance that consistency … Continue reading TLPT & ME: Everything you need to know about Threat-Led Penetration Testing (TLPT) in a TIBER world.
An analysis of current TIBER implementations ahead of DORA's TLPT requirements Introduction TIBER (Threat Intelligence-Based Ethical Red Teaming) is a framework introduced by the European Central Bank (ECB) in 2018 as a response to the increasing number of cyber threats faced by financial institutions. The framework provides a standardized methodology and guidelines for conducting controlled … Continue reading The Big TIBER Encyclopedia
Introduction The topic of this blog post is not directly related to red teaming (which is my usual go-to), but something I find important personally. Last month, I gave an info session at a local elementary school to highlight the risks of public sharing of childrenâs pictures at school. They decided that instead of their … Continue reading An Innocent Picture? How the rise of AI makes it easier to abuse photos online.
In my previous post, I promised to expand on the distinction between adversary emulation, adversary simulation, red teaming, and purple teaming, or at least how I tried to distinguish these terms in a way that made sense to me Emulation and simulation; I've heard both terms used interchangeably to refer to the same type of … Continue reading What’s in a name? Thoughts on Red Team nomenclature
Around the end of November 2019, Florian Roth wrote a much-discussed post about problems he saw with todayâs red teaming. I considered writing a blog post to diverge some of my ideas and ârespondâ to his concerns. However, as is often the case with these types of things, I didnât get to it at the … Continue reading Thoughts on the recent Red Team debate
