Development and operations a practical guide



Date: 11.02.2023
1 Joe Vest, James Tubberville Red Team Development and Operations
Red Team Tip
Announced vs. Unannounced Notification

1) If the overall goal is to measure the effectiveness of an organization’s security operations, start the planning with an unannounced engagement. Even with the limitations, the results will be the most accurate and realistic in terms of understanding a threat’s impact.
2) If the overall goal is to measure the effectiveness of a specific capability, tool, process, or technology, start the planning with an announced engagement. When goals are specific or targeted, including the defenders can ensure the scope and rules are adequately designed to achieve the desired results.


Roles and Responsibilities
An effective Red Team is comprised of a team of individuals who can contribute to the overall success. Diversity is crucial, but the team as a whole must be comprised of the core operator traits. A team can be even more successful when multiple team members contribute in various areas. In addition to the Red Team itself, successful execution of an engagement requires the involvement of numerous roles and groups.
White Cell
(Typically used during game style execution)
The White Cell primarily enforces the Rules of engagement to ensure neither Red Team nor defender activities cause unexpected problems in the operational or target environment. The White Cell is often tasked with:
Serving as referee between Red Team activities and defender responses during an engagement
Establishing metrics for the engagement
Coordinating activities on both sides to ensure engagement goals are achieved
Providing the information required to conduct an efficient engagement
Assisting with deconfliction activities between the Red Team and the defenders
Scoring the engagement (if applicable)
Providing a consolidated list of lessons learned obtained through observation during and after-action request immediately following the engagement
The White Cell is also responsible for correlating activities conducted by the Red Team with actions performed by the defenders (including times, systems, networks, team communications, etc.). This data is beneficial to the defenders as well as to the control group in identifying shortfalls in the security of the environment and defensive actions.
It is important to note that the White Cell is an observer and data correlator role, and not part of the target environment or engagement team. The White Cell should receive information from the defender but never deliver information to the defender. Any information provided to the defender must be routed through the Engagement or Exercise Control Group.
