Darkline

Purpose

The purpose of this document is to establish the objectives of the Darkline Infrastructure and the principles within which the GSOC will operate.

Scope

The Darkline Policy applies to the GSOC service only.

Ownership

The responsibility of ownership and ongoing management of this document rests with the Head of GSOC.

Audience

All GSOC members who are required to use the Darkline infrastructure must read and understand this Policy.

Infrastructure

GSOC shall establish, implement and maintain a Darkline infrastructure – an isolated desktop computer, software and Internet connectivity, where actions carried out within Darkline cannot be directly attributed to KPMG. The objective of setting up an isolated infrastructure is to help GSOC gather threat intelligence.

Research

GSOC will derive and gather threat intelligence from external sources and while accessing security forums, groups, communities or websites for research purposes. GSOC authorised analysts shall take due care to consider the safety and reliability of the sources, forums, groups, communities and websites before accessing them. GSOC authorised analysts shall only use the Darkline infrastructure to access websites, security forums and other groups if accessing such sites might negatively impact KPMG.

GSOC authorised analysts shall use the Darkline infrastructure to analyse and evaluate external sites where the risk is too high to access from KPMG infrastructure directly.

Use of the Darkline will follow the Non-attribution Process document [1].

Basic Hygiene

Users of the Darkline infrastructure shall use credentials that do not reveal their real names, location, mailing address or their past or present employer details. The Darkline Infrastructure shall be used judiciously for the purposes mentioned above and shall not be used for casual or personal browsing.

GSOC shall choose and implement technology to segregate Internet-facing applications from the underlying software/hardware/system. To mitigate the risk of the Darkline Infrastructure being compromised, the GSOC shall erase and reinstall, from a trusted image, the applications/browsers used to carry out research, along with the underlying software or operating system. Checks and balances shall be implemented to ensure that the person who used the system to conduct research cannot erase/reinstall the image.

All usage of the Darkline infrastructure shall be captured manually in an audit log.

Non-repudiation

Access to the Darkline infrastructure shall be restricted to specific GSOC team members. Users shall be provided unique and identifiable individual user accounts on the systems that do not directly identify them as KPMG team members.

Review and Audit

Adequate checks and balances shall be implemented to ensure that the Darkline infrastructure is used only for intended purposes.

Ethical Behaviour

GSOC authorised analysts shall demonstrate ethical behaviour and act with integrity while using the Darkline infrastructure. KPMG UK’s HR Policy – The National Statement of Terms and Conditions of Employment (“National Statement”) [2] shall apply for GSOC staff.