BUY and SELL CELL PHONES!

Red teaming – the practice of “friendly” parties taking on the role of adversaries – helps an organisation understand where it might be exposed in terms of information security.

This is not just about penetration testing – a red team behaves like an attacker or nefarious group using any and every means possible to gain unauthorised access to the organisation’s information. A “blue team” will endeavour to defend the organisation from attack.

A red team exercise involves thorough planning, with clear objectives. Set out possible scenarios, skills required, use of available technology and possible outcomes. Decide what you will do with the results of the exercise to defend the organisation better. It may not be feasible to deal with everything, so often the organisation will risk-assess the issues identified and prioritise accordingly.

Red teaming can be expensive, more so when using an external party. Even when using internal resources, individuals are being taken away from their day-to-day roles to participate – although this can improve employee engagement. Some organisations undertake a like-for-like exchange with a similar organisation, saving the costs of employing a fully external red team, but benefiting from an outside perspective.

Having an experienced external team involved in facilitating the exercise or testing real-time defences is likely to achieve better results for the organisation.

During a red team exercise, individuals are assigned specific roles (possibly with a biography), so they think like a particular type of attacker (a cyber terrorist or hacktivist, for example). The team must be open-minded and embrace the challenge wholeheartedly, behaving like an adversary for the duration of the exercise.

The frequency of undertaking red team exercises often depends on the organisation’s information security maturity. A mature organisation may benefit from performing these exercises as frequently as every six months, whereas less mature organisations will focus on addressing the SANS Top 20 before embarking on red teaming.


Maxine Holt is principal analyst at the Information Security Forum (ISF). …………………………………………………………………………….. ………………………………………………………………………………….

LEARN LAPTOP REPAIR!

Source link