Red Teaming is getting a major facelift and we thought you needed to know! The CORIE Framework – is a new approach to assessing cyber maturity and resilience and you definitely need to be investigating it this year.
We think the new CORIE Framework will be a game changer for the security industry. It’s an evolution in risk management and the banks will be REQUIRED to use it.
Here’s what we think you need to know:
- It’s a whole better way of using Red Teaming – think like the criminal,
- We focus on how to prevent the worst case scenario – it’s objective led,
- It better help answer managements hardest question – could this happen to us?
- The techniques an attacker will use to target you define the testing approach – Threat Intelligence provides leverage to the defender,
- Bespoke attack simulations are used to mimic the attacker tradecraft – understanding the motives and capability of the enemy is key.
Where has the CORIE Framework come from?
- The CORIE framework has been created and launched by APRA/RBA. It will soon be mandatory for Financial Institutions (FI) to use,
- It aim is to focus efforts on how far a realistic attacker can go towards impacting your business operations and cause a significant impact to you,
- Infamous attacks over the last few years, coupled with the constant increase in attacker capabilities means our industry MUST move towards objective based adversarial simulation attacks to test an organisations effective defence posture,
- Threat Intelligence has become a credible weapon in our arsenal to identify the most likely threat actor and techniques criminals will use against your organisation.
Privasec can now perform RED Team engagements aligned to the CORIE Framework. We use adversarial attack simulations to:
- Help you test your defences against such attacks and the real impact on your business,
- Provide visibility on the critical gaps in your security posture,
- Highlight the effective controls and processes you are doing that must continue,
- Prioritise where you spend budgets and resources to improve across the entire attack lifecycle,
- Measure of effectiveness of your current controls against a realistic attacker