Operation Fortitude built an army mockup to divert attention from Operation Overlord. Our aim is not to divert attention from the desired features of Overlord but to demonstrate how it should work.
Our first interactions with different potential stakeholders showed their different points of view and understanding of the project goals, and how difficult it is to communicate how BBVA Innovation Labs foresees the whole project.
So we decided to build a mockup to detail the features and be able to discuss them.
- Demo how Overlord can be useful in eliminating false positives through contributions from the community
- Demo how to use rules as a Definition of Done agreement mechanism shared with vulnerability "solvers"
- Demo how to automate checks that now must be manual
- Demo how to leverage existing tools by easy tool chaining
- Demo how to map standards using the power of Metadata and Community
- Demo how to leverage the Community to achieve comprehensiveness
- Demo how to reuse checks of common controls across projects, organizations, industries
- Demo how Overlord can build Community: ruleset catalog mockup
- Demo how to integrate with risk management tools
- Demo how to integrate with code / dependency analysis tools
- Demo how to integrate with CI/CD pipelines
- Demo how to leverage existing tools/commands by easy tool chaining
- Demo how to use gathering results as input to manual techniques or your own scripts
- Demo how to check access profiles from systems permissions and IdM tools
- Demo how to notify 3rd party tools if a rule doesn't pass (or no longer passes)
- Demo how Overlord can provide a better vision of the control environment and governance, from threat modelling to control status and effectiveness
- Demo how to leverage the Community to achieve comprehensiveness
- Demo how to reuse checks of common controls across projects, organizations, industries
- Demo how to notify 3rd party tools if a rule doesn't pass (or no longer passes)
- Demo how Overlord can build Community: ruleset catalog mockup
- Demo how Overlord can provide exhaustive traceability of Authoring, Lineage, Integrity, Metadata, Inputs, Used Tools, Execution, Results, ...
- Demo how to manage rule authoring
- Demo how Overlord can be useful in eliminating false positives through contributions from the community
- Demo how to map standards using the power of Metadata and Community
- Demo how to leverage the Community to achieve comprehensiveness
- Demo how Overlord can build Community: ruleset catalog mockup
- Demo how to easily write rules automating manual techniques/procedures
- Demo how to easily write your own checking rules
- Demo how to leverage Overlord's easy to use DSL
- Demo how Overlord doesn't add additional overhead to current processes
- Demo how Overlord automates current manual techniques/procedures
- Demo how Overlord can build Community: ruleset catalog mockup
- Demo how to use rules as a Definition of Done agreement mechanism shared with vulnerability "solvers"