Verification Scenarios
Purpose
This page defines how security controls are actively tested and verified through structured scenarios.
The objective is to:
- validate that controls behave as expected
- assess detection and monitoring capabilities
- identify gaps between expected and actual behaviour
- support continuous improvement of the security posture
Verification scenarios complement monitoring by introducing controlled test conditions.
Scenario Philosophy
Verification scenarios are designed to answer a simple question:
“If this threat occurs, what actually happens?”
Each scenario aims to:
- simulate a realistic threat or misuse case
- observe system behaviour and control response
- evaluate detection, logging and response capabilities
Scenarios are not intended to be exhaustive, but representative of key risks.
Scenario Types
Verification scenarios are grouped into categories aligned with risk areas.
1. Access & Authentication Scenarios
Focus:
- unauthorised access attempts
- misuse of credentials
- privilege escalation
Examples:
- repeated failed SSH login attempts (brute force simulation)
- login attempts from unusual sources
- access attempts without proper authentication
Objective → validate access controls and detection of suspicious behaviour
2. Network & Exposure Scenarios
Focus:
- external probing
- service exposure
- network misuse
Examples:
- port scanning of exposed services
- unexpected access to non-public services
- abnormal traffic patterns
Objective → validate segmentation and exposure controls
3. Application-Level Scenarios
Focus:
- misuse of exposed applications
- abnormal user behaviour
- input-based attacks
Examples:
- repeated failed login attempts on web applications
- malformed or unexpected requests
- interaction with sensitive endpoints
Objective → validate application-level controls and monitoring
4. Logging & Detection Scenarios
Focus:
- log generation
- event forwarding
- detection capabilities
Examples:
- triggering known events (e.g. failed authentication)
- verifying log forwarding to central platform
- validating alert generation (if implemented)
Objective → ensure visibility and detection mechanisms are functional
5. Resilience & Recovery Scenarios
Focus:
- system failure
- data loss
- recovery processes
Examples:
- simulated service outage
- restoration from backup
- validation of recovery procedures
Objective → validate corrective controls and operational resilience
Scenario Structure
Each verification scenario should be documented with:
| Field | Description |
|---|---|
| Scenario ID | Unique identifier (V-XXX) |
| Related Risk | Link to associated risk entry |
| Target Control(s) | Controls being validated |
| Description | What is being tested |
| Execution Method | How the scenario is performed |
| Expected Outcome | Expected system and control behaviour |
| Observed Outcome | Actual result during execution |
| Detection Result | Was the event detected? |
| Conclusion | Effective / Partially effective / Ineffective |
| Notes | Observations, limitations, follow-up actions |
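As an added illustration (not part of the lab's documentation), the following Python sketch turns one scenario record with the fields above into something that can be re-run: the Observed Outcome, Detection Result and Conclusion of an Access/Logging scenario (repeated failed SSH logins) are derived from constructed sshd log lines instead of being typed by hand. The `test_source` field, the `V-001` identifier, the risk entry text and the threshold of 3 failures are assumptions chosen for the example.

```python
# Added example (not the lab's own documentation): a scenario record per the table above, evaluated from log evidence.
import re
from collections import Counter
from dataclasses import dataclass
# Constructed sshd lines standing in for auth.log; addresses are documentation ranges.
SAMPLE_AUTH_LOG = """\
Mar 10 12:00:01 lab sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 50211 ssh2
Mar 10 12:00:02 lab sshd[1202]: Failed password for root from 192.0.2.10 port 50212 ssh2
Mar 10 12:00:03 lab sshd[1203]: Failed password for root from 192.0.2.10 port 50213 ssh2
Mar 10 12:00:09 lab sshd[1204]: Accepted publickey for ops from 198.51.100.7 port 40110 ssh2
Mar 10 12:00:15 lab sshd[1205]: Failed password for ops from 198.51.100.7 port 40111 ssh2
"""

def failed_logins_by_source(log_text):
    """Count failed sshd password attempts per source address (input to the detection rule)."""
    pat = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")
    return Counter(m.group(1) for m in map(pat.search, log_text.splitlines()) if m)

@dataclass
class Scenario:
    scenario_id: str        # V-XXX format from the table; the value used below is a placeholder
    related_risk: str
    target_controls: list
    description: str
    execution_method: str
    expected_outcome: str
    test_source: str        # address the controlled test was run from (assumed extra field)
    observed_outcome: str = ""
    detection_result: bool = False
    conclusion: str = "Not executed"

def evaluate_ssh_bruteforce(scenario, log_text, threshold=3):
    """Detection rule under test: a source with >= threshold failures must be flagged."""
    counts = failed_logins_by_source(log_text)
    flagged = {src for src, n in counts.items() if n >= threshold}
    scenario.observed_outcome = f"failed attempts per source: {dict(counts)}"
    scenario.detection_result = scenario.test_source in flagged
    false_positives = flagged - {scenario.test_source}   # benign sources flagged too
    if not scenario.detection_result:
        scenario.conclusion = "Ineffective"
    elif false_positives:
        scenario.conclusion = f"Partially effective (also flagged: {sorted(false_positives)})"
    else:
        scenario.conclusion = "Effective"
    return scenario

def run_v001():
    """Execute the scenario against the constructed log and return the completed record."""
    s = Scenario("V-001", "risk entry (placeholder)", ["SSH rate limiting", "log forwarding"],
                 "repeated failed SSH logins from one source", "manual: 3 wrong passwords",
                 "source flagged after 3 failures", test_source="192.0.2.10")
    return evaluate_ssh_bruteforce(s, SAMPLE_AUTH_LOG)
```

Lowering the threshold to 1 flags the benign operator address as well and yields "Partially effective"; raising it above the attempts made yields "Ineffective", which is the gap that feeds the Residual Gaps section.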
Execution Approach
At the current stage:
- scenarios are executed manually
- testing is controlled and limited in scope
- results are documented progressively
Future evolution includes:
- more systematic scenario execution
- improved repeatability
- potential automation of selected tests
Relationship with Other Sections
Verification scenarios are directly linked to:
- Risk Management → scenarios are derived from identified risks
- Control Framework → scenarios validate control effectiveness
- Monitoring Strategy → scenarios test detection capabilities
- Residual Gaps → failed or incomplete scenarios highlight gaps
Known Limitations
At the current stage:
- limited number of defined scenarios
- partial coverage of risk areas
- absence of automation
- detection capabilities still evolving
This reflects the current maturity of the lab.
Current Maturity
At the current stage, verification scenarios are considered to be at an early stage of development.
Established
- definition of scenario structure and purpose
- identification of key scenario categories
- initial alignment with risk and control framework
In Progress
- creation of initial verification scenarios
- execution of basic test cases (access, logging, exposure)
- documentation of observed outcomes
- linkage between scenarios and controls
Planned / Next Phase
- broader scenario coverage across all major risks
- improved consistency and repeatability
- integration with monitoring and detection logic
- support for validation reporting and audit use cases
This page is intended to evolve as validation practices become more structured and comprehensive.