feat: Add engagement model, consultant field guide, deliverable templates, CQRE tools integration, and Czech localization

New documents:
- core/engagement-model.md: Full client-facing engagement lifecycle (Sections 1-6) plus consultant delivery discipline (Section 7)
- core/consultant-field-guide.md: Decision models, client qualification, module selection, 10 common mistakes, technical onboarding, proposal writing
- core/about-cqre.md: Company overview template with [PLACEHOLDER] markers for client-facing use
- core/about-cqre-cs.md: Czech version of company overview (O společnosti CQRE)
- core/executive-summary-cs.md: Czech translation of the board executive summary
- assessment-templates/nist-csf-baseline.md: Full Brownhat Diagnostic workshop methodology (NIST CSF 2.0)
- assessment-templates/nist-csf-baseline-cs.md: Czech version of Brownhat Diagnostic (for Czech-language workshops)
- assessment-templates/module-completion-report.md: Module completion package template
- assessment-templates/risk-register-example.md: 8 fully populated risk entries (Meridian Logistics GmbH fictional engagement)
- playbooks/privileged-access-architecture.md: Module 13 - Teleport, Tailscale/Headscale, JIT access, vendor governance
- playbooks/sovereign-communications.md: Module 14 - Delta Chat chatmail relay, Matrix/Element, crisis channels

Updated documents:
- playbooks/sovereign-tool-stack.md: Added Elysium, CAExporter, E8-CAT, macOS_IntuneManagement, IntunePolicyParser, M365-Scripts; updated capability matrix and module pairings
- core/modular-engagements.md: Module 2 now includes CAExporter as first step; Module 6 includes Elysium password audit
- reference/nist-csf-mapping.md: Added back-reference to nist-csf-baseline.md
- assessment-templates/README.md: Changed Q1/Q2/Q3/Q4 to Phase 1/2/3/4, added Status column
- index.md: Registered all new documents; restructured consultant navigation into three labeled groups (1-25)
- README.md: Updated directory tree; updated Quick Start for Consultants

Czech localization pointers:
- executive-summary.md: Added Česká verze pointer
- nist-csf-baseline.md: Added Česká verze pointer
- engagement-model.md: Added note that client-facing Czech translation is planned

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 21:33:52 +02:00
parent 7bab42398a
commit 64f73371c9
24 changed files with 3325 additions and 66 deletions
@@ -248,6 +248,35 @@ As an antifragile consultant, you do not replace the MSSP. You make the MSSP eff
---
## AD Security: The Continuous Monitoring Tier
A one-time Active Directory security audit (Module 6) produces a point-in-time snapshot. AD environments drift — new accounts are created, service account passwords stop rotating, privileged groups accumulate members. Retained clients should have a **continuous monitoring tier** for AD security posture.
### The AD Continuous Monitoring Service
| Attribute | Detail |
|-----------|--------|
| **Tool** | PingCastle (quarterly scoring) — suited for tracking progress over time in complex AD environments |
| **Cadence** | Quarterly automated scan; score compared to previous quarter; trend report |
| **What it catches** | New privileged account additions, stale configurations that creep back, KRBTGT age drift, new Kerberoastable SPNs, legacy protocol re-enablement |
| **Deliverable** | Quarterly AD security score with delta from prior period; new findings prioritised by risk; confirmation of previously remediated items |
| **Format** | Included in retained capability contract or as a standalone quarterly retainer |
**The conversation**:
> *"Your AD is clean now. We know — we just fixed it. But AD doesn't stay clean by itself. Admins create service accounts, Group Policy gets modified, privileged groups get members. In six months, without monitoring, it will drift back. We run PingCastle every quarter, trend the score, and tell you what changed before it becomes a problem again. This is the difference between a one-time fix and a lasting security posture."*
### Recommended Retained Capability Stack (Post-Module 6)
| Capability | Tool | Cadence |
|-----------|------|---------|
| AD security scoring | PingCastle | Quarterly |
| AD attack path review | BloodHound (re-run) | Bi-annual or post-significant-change |
| EntraID hybrid health | Forest Druid | Quarterly |
| Privileged group membership | PowerShell/Entra audit | Monthly alert |
---
## Integration With Existing Frameworks
| Document | Integration |
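Review bot: The "AD Continuous Monitoring Service" table names the tier continuous but sets the PingCastle cadence to quarterly, while "What it catches" lists new privileged account additions and new Kerberoastable SPNs; on that cadence such a change can go unreported for up to a quarter. The monthly "Privileged group membership" row in the Retained Capability Stack table narrows that gap, but it is not referenced from the service table, and "Monthly alert" does not say whether it is a scheduled report or an alert on change. Suggest stating the expected detection latency per item in the service table, or pointing to the monthly membership check from there. Also, "Bi-annual" can read as twice a year or every two years; "twice yearly" removes the ambiguity.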
@@ -256,6 +285,7 @@ As an antifragile consultant, you do not replace the MSSP. You make the MSSP eff
| [Modular Engagements](modular-engagements.md) | Retained capability audit can be delivered as a standalone 30-day module; detection engineering cell build is a 60-90 day module |
| [Antifragile Risk Register](../assessment-templates/antifragile-risk-register.md) | "Outsourced SOC with no retained detection engineering" is a T1 risk with extreme optionality impact |
| [Business Case Template](../playbooks/business-case-template.md) | Retained capability ROI calculation |
| [AD and Endpoint Hardening](../playbooks/ad-endpoint-hardening.md) | Module 6 produces the clean baseline; this document defines the retained service that keeps it clean |
---
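Review bot: The new "AD and Endpoint Hardening" row links to ../playbooks/ad-endpoint-hardening.md, which the commit message lists neither under new nor under updated documents, so confirm the target exists at that path before merge. In the same row, "this document" is ambiguous in a table where every row describes another document; naming the file or the "AD Security: The Continuous Monitoring Tier" section would make the reference explicit.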