Verification Scenarios Index
Purpose
This page provides the canonical index of all verification scenarios defined in the Scheol Security Lab.
It ensures that scenarios are:
- uniquely identified
- linked to risks and controls
- traceable over time
- visible in terms of execution and effectiveness
Each scenario represents a practical validation activity used to test control behavior.
Scenario Index
| Scenario ID | Title | Related Risk | Target Control(s) | Status | Last Execution | Link |
|---|---|---|---|---|---|---|
| V-001 | SSH Brute Force Simulation | R-003 | C-005 | Planned | N/A | Voir |
| V-002 | HTTP Exposure Probing | R-001 | C-001 | Planned | N/A | Voir |
| V-003 | Web Authentication Abuse (Dolibarr) | R-002 | C-003 | Planned | N/A | Voir |
Scenario Status Model
Each scenario is assigned one of the following statuses:
| Status | Description |
|---|---|
| Planned | Scenario defined but not yet executed |
| Tested | Scenario executed at least once |
| Validated | Scenario consistently produces expected results |
| Needs Review | Scenario results inconsistent or outdated |
Execution Tracking
For each scenario, the following should be tracked:
- execution date
- observed outcome
- detection result
- conclusion (effective / partial / ineffective)
This information is documented within each scenario file.
Relationship with Other Sections
Verification scenarios are directly linked to:
-
Risk Register → scenarios are derived from identified risks (R-001 to R-003)
-
Control Framework → scenarios validate control effectiveness (C-XXX)
-
Validation & Monitoring → scenarios test monitoring and detection capabilities
-
Residual Gaps → failed or incomplete scenarios highlight security gaps
Governance Rule
No scenario should exist without:
- a linked risk
- at least one target control
Current Scope
At the current stage, the scenario set is intentionally limited and focused:
- only scenarios directly linked to existing risks
- only scenarios that are realistically executable
This avoids:
- artificial complexity
- unused documentation
- validation gaps
Current Maturity
Verification scenarios are considered early but structured.
Established
- scenario identification aligned with risks
- consistent scenario structure
- initial scenario index
In Progress
- execution of defined scenarios
- documentation of results
- linkage with monitoring signals
Planned / Next Phase
- regular execution cycles
- improved repeatability
- integration with detection and alerting
- expansion aligned with new risks
This index is intended to evolve alongside the lab’s validation maturity and control implementation.