SCKIPT Guide

SCKIPT is an initiative created by Sergio Albea, focused on detecting user behaviours that can put the security of our systems at risk. Nowadays, we have multiple solutions, models and tools that allow us to increase our level of protection against different threats and attacks. However, there are multiple scenarios where security will rely on how users interact with the systems they manage.

Security awareness is a mandatory requirement to decrease the possible threats related to user behaviours, but it will never remove the risk. SCKIPT is oriented to listing and providing possible measures to respond to the mentioned threats, and it can be defined as:

S – Source 

C – Case Scenario 

KI – Known Interaction 

P – Possible Protection 

T – Threat

Every case is classified by its source (Email, Identities, Devices, Token, Password, and others). Sources are marked as UB (User Behaviour) and are then classified by the different sub-objects:

UB – User Behaviour

C – Case (Scenario)

K – Known Interaction

P – Protection

T – Threat

You can identify the different types of Sources on the left of the table to review the corresponding SCKIPT case. If you have a Protection against some of the possible KI (Known Interactions), it means that you can in some way skip the corresponding Threats. For instance, the next example represents a company that restricts Auto-Reply messages to internal use, so the Threat related to sending Auto-Reply messages externally would not apply:

SCKIPT User Behaviour Matrix

| Source | Case Scenario | Known Interactions | Protection | Threats |
|---|---|---|---|---|
| UB1. Email | UB1.C4 – Auto-Reply Messages | UB1.C4.K1 – Enable Auto-Reply Messages Externally | UB1.C4.K1.P1 – Restrict Internal-Only Auto-Replies – Monitor Auto-Reply-Replies | UB1.C4.K1.T1 – Send data externally in the Auto-Reply Messages |
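
The skip rule described above can be expressed as a lookup over the matrix. The following is an added example, not part of SCKIPT itself: the identifier grammar is inferred from the example row, the rule that one implemented Protection under a Known Interaction skips its Threats is an assumption, and the UB99 rows are constructed placeholders.

```python
import re

# Identifier grammar inferred from the page's example: UB<n>.C<n>.K<n>.(P|T)<n>
LEAF_RE = re.compile(r"^(UB\d+\.C\d+\.K\d+)\.([PT])\d+$")

# (identifier, description). The UB1 rows are the page's example;
# the UB99 rows are constructed placeholders, not real SCKIPT cases.
MATRIX = [
    ("UB1.C4.K1.P1", "Restrict Internal-Only Auto-Replies"),
    ("UB1.C4.K1.T1", "Send data externally in the Auto-Reply Messages"),
    ("UB99.C1.K1.P1", "constructed placeholder protection"),
    ("UB99.C1.K1.T1", "constructed placeholder threat"),
]

def split_leaf(sckipt_id):
    """Return (known_interaction_id, 'P' or 'T') for a protection/threat id."""
    m = LEAF_RE.match(sckipt_id.strip())
    if m is None:
        raise ValueError(f"not a SCKIPT protection/threat id: {sckipt_id!r}")
    return m.group(1), m.group(2)

def threat_status(matrix, implemented):
    """Classify every threat in the matrix as 'skipped' or 'open'.

    Assumption: a threat is skipped when at least one protection listed
    under the same Known Interaction is implemented.
    """
    known_protections = {i for i, _ in matrix if split_leaf(i)[1] == "P"}
    unknown = set(implemented) - known_protections
    if unknown:
        # A typo in the inventory must not silently mark a threat as covered.
        raise KeyError(f"protections not in the matrix: {sorted(unknown)}")
    covered = {split_leaf(p)[0] for p in implemented}
    status = {}
    for ident, _ in matrix:
        ki, kind = split_leaf(ident)
        if kind == "T":
            status[ident] = "skipped" if ki in covered else "open"
    return status

if __name__ == "__main__":
    # Company from the example: internal-only auto-replies are enforced.
    for threat, state in threat_status(MATRIX, {"UB1.C4.K1.P1"}).items():
        print(f"{threat}: {state}")
```

Threats that come back as open are the ones that still rely on user behaviour alone.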