It is very nice to have SOPs and protocols for scenarios, but what about the identification process? This stage is usually skipped, and skipping it accounts for the vacuum that is created between your assessments and procedures and your actual capability to identify these threats.
Consequently, let us analyze the chronological steps that should be implemented:
- Define your threats
- Define whether you have real capabilities for dealing with these threats
- If you do not have the adequate capabilities or there is a discrepancy, address it
- Develop your capabilities
- Invest in the identification process: you cannot find something you don't understand or know
- Design your security system according to your adversary's capabilities
- Develop a response mechanism for each threat and its modus operandi
When you have completed this process, you can start building procedures, which will be built according to what the field and reality dictate. These procedures must then be tested, and if they are not adequate, they must be adjusted until they correspond to your threats.
This entire process begins and ends with a strong foundation in the identification process.