The Red, Blue and Purple Team and What’s Between Them

CybeRiskBlog, Cybersecurity

Purple Team

With a tradition stemming from military training exercises, the idea of pitting a “Red Team” of trained attackers against a “Blue Team” defending the organization has been taken up over the years by a diverse set of institutions. These include government bodies like the U.S. National Security Agency and the Government Accountability Office and corporate enterprises in which war-gaming exercises are used to test the security infrastructure of active businesses. The concept has also been used to test the physical security measures deployed at places like nuclear facilities, or the Department of Energy’s National Laboratories and Technology Centers. It’s an adversarial technique that can too often lead to the same outcome as many a sporting event: Two opposing sides give … Read More

The Necessity of Cyber War Games

CybeRiskBlog, Cybersecurity

In the event of a cyber-attack, an organization’s reaction to the occurrence, and the subsequent actions taken, may have as significant an impact as the severity of the attack, itself. A company’s response to cyber incidents may be rendered more effective if a culture of preparedness has already been instilled. Penetration testing is one approach to this – but the method may lack the fluidity, the completeness, and spontaneous nature of real-world attack scenarios, where both internal and external influences may alternately exacerbate or relieve the conditions that have to be dealt with. In military and intelligence circles, war game simulations have been staged for decades, as a means of preparing armies and agencies for the conditions they’re likely to … Read More