Implementation -> Infrastructure Hardening: Usage of a chaos monkey
Risk and Opportunity
Risk: Systems that have been changed manually are no longer replaceable. In case of a crash, a planned redundant system might be unavailable. In addition, manual changes are hard to replay.
Opportunity: A randomized, periodic shutdown of systems makes sure that nobody performs manual changes to a system.
Exploit details
Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Very High
Required resources (systems): Very High
OWASP SAMM 2 Mapping: o-environment-management|A|1
ISO27001:2017 Controls Mapping:
- not explicitly covered by ISO 27001 - too specific
- 17.1.3