TLPT & ME: Everything you need to know about Threat-Led Penetration Testing (TLPT) in a TIBER world.

Introduction In our previous post, we published an analysis of current TIBER implementations ahead of DORA's TLPT requirements. To recap, this contained: An overview of existing TIBER implementations (situation mid-2024) A comparison of the respective guidance documents w.r.t. major building blocks, such as the generic threat landscape, purple teaming, leg-ups, scenario X Assurance that consistency … Continue reading TLPT & ME: Everything you need to know about Threat-Led Penetration Testing (TLPT) in a TIBER world. →

The Big TIBER Encyclopedia

An analysis of current TIBER implementations ahead of DORA's TLPT requirements Introduction TIBER (Threat Intelligence-Based Ethical Red Teaming) is a framework introduced by the European Central Bank (ECB) in 2018 as a response to the increasing number of cyber threats faced by financial institutions. The framework provides a standardized methodology and guidelines for conducting controlled … Continue reading The Big TIBER Encyclopedia →

NVISO and QuoIntelligence Announce Strategic Cooperation

We are pleased to announce that we have created a unique approach with QuoIntelligence GmbH in responding to the TIBER-EU testing. Using our approach, we combine both passive threat intelligence gathering and active offensive red team testing as one seamless experience while remaining independent from each other. The TIBER-EU Framework, More Critical Now Than Ever … Continue reading NVISO and QuoIntelligence Announce Strategic Cooperation →

Thoughts on the recent Red Team debate

Around the end of November 2019, Florian Roth wrote a much-discussed post about problems he saw with today’s red teaming. I considered writing a blog post to diverge some of my ideas and “respond” to his concerns. However, as is often the case with these types of things, I didn’t get to it at the … Continue reading Thoughts on the recent Red Team debate →