Your Guide to CORIE

What is CORIE?

CORIE is a regulatory framework for simulating realistic and coordinated cyber-attacks on organisations based on real-life situations. It is introduced by the Australian Council of Financial Regulators and is made mandatory to improve cyber resiliency across Australian financial institutions (FI). Abbreviated for Cyber Operational Resilience Intelligence-led Exercises, it is a program of exercises aimed at mimicking the Tactics, Techniques and Procedures (TTPs) of real-life Threat Actors.

Why do organisations care about CORIE?

Cyberattacks have been one of the top risks to the financial services sector and are acknowledged as a key risk by the Council of Financial Regulators. The CORIE framework integrates other international guidelines such as CBEST, TIBER, and iCAST and forms as the benchmark of best practices for FIs in threat intelligence-led red teaming.

Forward-looking or mature/proactive organisations have a need for more comprehensive and realistic attack simulations that put their resilience and blue teaming capabilities to the test.

The CORIE framework is important as it supplies a structured approach for adversarial attack simulation, delivering meaningful results reflective of the real-world threats facing the industry.

CTRL’s offensive experts perform Red Team engagements aligned to the CORIE framework to:

Help you test your defences against such attacks and the real impact on your business
Provide visibility on the critical gaps in your security posture
Measure the effectiveness of your current controls against a realistic attacker
Highlight the effective controls and processes you are doing that must continue
Prioritise cyber investments and resources to make improvements in your cybersecurity strategy

What are the key components of the CORIE Framework?

Threat Intelligence-based scenarios:

Critical to the CORIE exercises are the Threat Intelligence-based scenarios – specific testing scenarios and attack patterns based on the tactics, techniques and procedures of known threat actors. At this stage, CTRL will curate scenarios fitting to your organisation’s unique needs, industry-specific and threat intelligence.

Scenario-based Adversary Simulation:

During the attack execution, CTRL’s Red Team will emulate the behaviour and attack patterns of threat actors.

Attack Reporting and Remediation Planning:

Through a CORIE exercise, a detailed report is produced to supply relevant and impactful insights to team members across all levels of the business. This is then followed by actionable strategies for your team to enable your business to implement action to mature your cybersecurity resilience. The report is then provided back to the Council of Financial Regulators on the exercises and their outcomes.

What does a typical CORIE Engagement look like at CTRL Group?

Threat Intelligence

Identify primary adversaries targeting the FI
Find adversaries’ modus operandi
Gather available information that will aid in the success of the modus operandi
Provide the FI with an understanding of the information available about them.

Adversary Attack Simulation

Assess people, processes, and technology end-to-end maturity with regards to cyber defence not otherwise assessed by traditional vulnerability assessment and security testing methodologies
Assess the FI’s security prevention, detection and response capability
Reveal attack paths and techniques that may have not been considered
Assess the maturity of the FI’s processes in reacting to adversaries

CTRL can assist you with your CORIE testing requirements. Reach out today to begin a discovery discussion on what your testing scenarios might look like.