R11 — Lateral Movement

R11 Insider Severity 8 · Major

Detection finds it; prevention (segmentation) limits it; identity contains it.

What is Lateral Movement?

Detection finds it; prevention (segmentation) limits it; identity contains it. CISO Game tracks this as R11 in the live risk register, severity 8 (Major), category Insider.

How does CISO Game model Lateral Movement?

Exposure for R11 runs from 0 to 100, recomputed live as you buy, cancel, or reassign products.

Real-world parallel

Lateral movement is what turns a single compromised endpoint into an enterprise-wide incident. Network segmentation, micro-segmentation (Zero Trust), and credential hygiene (no shared local admin passwords, LAPS, no domain admin reuse) are the structural mitigations. EDR with strong behavioral detection is the alarm system that catches it in flight.

How do security teams mitigate Lateral Movement?

The dominant subscore levers for this risk are:

Which investments mitigate Lateral Movement?

Products in CISO Game that reduce exposure to R11:

Which related risks should you also watch?

Risks with similar dominant subscores or shared category — addressing one often helps the others:

Why does Lateral Movement matter to a CISO?

Insider risk is uncomfortable but persistent — every employee with access can be the threat. Lateral Movement is mitigated by both technical controls (DLP, behavioral analytics) and program design (offboarding rigor, morale).

How can you test your mitigation strategy?

Click Play CISO Game free to see R11 appear live in your risk register and watch each purchase move the exposure number in real time. No signup required.
