Open-source innovation: A cybersecurity playbook management tool

SASP Playbook Management Tool. Credit: Fraunhofer-Institut für Angewandte Informationstechnik FIT

As cyberattacks evolve and become more complex, defenders require advanced tools for effective incident response. In the H2020 project CyberSEAS, the Fraunhofer Institute for Applied Information Technology FIT developed a prototype for a cybersecurity playbook management system, SASP for short, that provides a robust framework for creating, maintaining, and sharing standardized incident response procedures.

The pilot validation indicates how the system can be integrated into current processes and help achieve compliance with the latest security recommendations and directives. The pilot code is now open source, and you are invited to have a look at the tool.

In today’s continuously evolving digital landscape, enhancing cybersecurity practices is more critical than ever. Companies need to be on the lookout and be ready to adapt their cybersecurity measures quickly. Official recommendations, such as the BSI IT-Grundschutz or the NIST Incident Response Life Cycle, or imminent regulations, such as the EU’s Network and Information Security Directive (NIS2), increasingly shape organizations’ handling of cybersecurity threats.

In particular, NIS2 emphasizes the importance of inter-organizational exchange regarding cyber incidents. This trend goes along with standardization efforts for security-related information. For example, cybersecurity playbooks already play a crucial role within organizations as they entail documentation of how to prevent and react to cyber incidents. However, their non-standardized in-house maintenance creates additional hurdles for the necessary adaptivity and required exchanges.

Standardization efforts have started to tackle these issues, e.g., the OASIS Foundation is developing the Collaborative Automated Course of Action Operations (CACAO) standard for the design and sharing of cybersecurity playbooks. Still, the transition toward compliance with recommendations and regulations cannot be accomplished overnight.

This is where SASP comes in: it is a management tool that offers a structured and practical approach to collaborative incident response and enables standardized reporting procedures for cyber incidents. In this way, SASP can reduce the effort required to implement the information exchange with national Computer Emergency Response Teams (CERTs) that is mandated by NIS2. As such, SASP can offer a cooperative environment for a cross-European increase in cyber resilience.

The SASP playbook management tool is designed for creating, maintaining, sharing, visualizing, and exporting cybersecurity playbooks. It features a for creating playbooks, visualizing them in Business Process Model and Notation (BPMN), exporting them in JSON format, and sharing them with other organizations or CERTs.

By supporting the OASIS CACAO playbook format, we ensure playbooks are machine-readable and standardized. During the piloting phase, various methods for playbook management and sharing were utilized to establish standardized procedures for handling well-known attack scenarios, emphasizing governance aligned with NIS2 requirements.

At this point, Fraunhofer FIT is happy to release its SASP pilot as open source to foster community engagement and collaborative improvement.

More information:
You can find SASP’s source code on GitHub:

Provided by
Fraunhofer-Institut für Angewandte Informationstechnik FIT

Open-source innovation: A cybersecurity playbook management tool (2024, October 22)
retrieved 22 October 2024
