Red Team Assessment

SeverineSeverine Member Posts: 33 ■■■□□□□□□□
What are the key points that should be discussed and asked suppliers to confirm if their approach towards Red Team assessment is the most suitable one?

Comments

  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    I think that you must have a mature IS program before Red Teaming is really worthwhile. 

    You need to distinguish(very roughly) between:
    audit: do a verifcation based on a checklist...
    vuln assessment: use vuln scanner to find  vuln but not exploiting it self
    pentest: epxloit those vulnerabiliy..
    red teaming: red teaming is a pentest, but it is also a test of your detection capacity. if you dont have a blue team, then red teaming is not really useful.

    If it is one of your first foray into IS, then start with the basic, then vuln assessment and pentest. 

  • SeverineSeverine Member Posts: 33 ■■■□□□□□□□
    Okay. Thanks, Steve!
Sign In or Register to comment.