A Deep Dive into CBEST
In a previous article I provided an overview of Intelligence-Led Testing Frameworks used globally. I referred to CBEST as “something of a ‘Founding Father’, emulated by other frameworks”. In this article we will take a deeper look at CBEST, learning about its origin, understanding the process and its benefits whilst providing those embarking on this journey with some helpful pointers.
Background
The rise in sophisticated cyber-attacks targeting the financial sector in the early 2010s established the need for a more comprehensive approach to exercising defensive teams and ensuring operational resilience. Traditional Penetration Tests (also referred to as IT Health Checks in the UK), whilst effective in identifying and exploiting vulnerabilities to reduce the attack surface, are not geared towards simulating real and likely attacks on financial organisations.