CVA (CONDUITS VULNERABILITY ANALYSIS)
Have all the conduits in your set up and environment documented and then analyzed both ways: inbound and outbound.
- Inbound analysis for malware, ransomware, APT (Advanced Persistent Threat) attack precursors such as spear phishing, vishing, smishing and the like.
- Outbound analysis for C2/C&C (Command & Control) where firewalls are more restrictive on inbound connections, beacons, data exfiltration and such.
- All channels and medium that could be used as a conduit (physical, logical, virtual, social, in-band, out of band, side channel, wired, wireless, clear text, encrypted and steganography).