Fetching contributors…
Cannot retrieve contributors at this time
93 lines (56 sloc) 3.8 KB
layout title type track technology related-to status when-day when-time location organizers participants outcomes
Security Playbooks Diagrams
Security Playbooks
need-working materials
Jason Li
Steven Wierckx, Robert Grace,


Playbooks are best described in diagrams. In May 2017, a Google image search for 'Security Playbooks' did not return a helpful list of diagrams of Security Playbooks that can be easily used and adopted.

This Working Session will assess, create, and publish diagrams of Security Playbooks.

Ayehu's site has a really good example of what these diagrams could look like:

The Phantom product seems to have native Playbook support (which can be also scripted):

Threat Connect also looks interesting:


  • Create and publish multiple Security Playbooks Diagrams


  • Diagrams of Security Playbooks published

Synopsis and Takeaways

We discussed how best to visualise the information contained in a playbook, realising that without data, we are restricted to process flows.

OWASP is proactive, but we recognise that certain situations are reactive by nature – you can only start to solve a problem after it has manifested.

We agreed that Playbooks should include process diagrams, but only where necessary. It is difficult to come up with diagrams without data, and data usually comes after the playbook has been followed (e.g., pen-test, bug bounty).

We also agreed that we should create iconography for different audiences to help readers define the scope of the playbook: either

  • The buyer or end-user, or
  • The person who has to follow the process, or
  • The person who has to take the result of the process and deal with the outcome (analyse, distil, process).


  • Security teams


Working materials

Here are the current 'work in progress' materials for this session


1. Introduction and purpose

2. Executive summary

3. Playbook (template table)

4. Global glossary

5. Conclusion