SCKIPT Guide
SCKIPT is an initiative created by Sergio Albea, focused on detecting user behaviours that can put the security of our systems at risk. Nowadays, we have multiple solutions, models and tools that allow us to increase our level of protection against different threats and attacks. However, there are multiple scenarios where security relies on how users interact with their managed systems.
Security awareness is a mandatory requirement to decrease the possible threats related to user behaviours, but it will never remove the risk. SCKIPT is oriented to listing and providing possible measures to respond to these threats, and it can be defined as:
S – Source
C – Case Scenario
KI – Known Interaction
P – Possible Protection
T – Threat
Every case is classified by source (Email, Identities, Devices, Token, Password, and others). Sources are marked as UB (Use Behaviour), and the cases are then classified by the different sub-objects:
UB – Use Behaviour
C – Case (Scenario)
K – Known Interaction
P – Protection
T – Threat
You can identify the different types of sources on the left of the table to review the corresponding SCKIPT case. If you have a Protection for one of the possible KI (Known Interactions), it means that you can skip the corresponding Threats. For instance, the next example represents a company that restricts Auto-Reply messages internally, so the Threat related to sending Auto-Reply messages externally would not apply:
SCKIPT User Behaviour Matrix

Source | Case Scenario | Known Interactions | Protection | Threats |
---|---|---|---|---|
UB1. Email | UB1.C4 – Auto-Reply Messages | UB1.C4.K1 – Enable Auto-Reply Messages Externally | UB1.C4.K1.P1 – Restrict Internal-Only Auto-Replies – Monitor Auto-Reply-Replies |