Jack O'Sullivan
November 24 2020
Success all starts at the planning stage.
This is especially true of a red team engagement. Given the high level of investment, both in terms of time and money, it’s essential that the planning stage is conducted in a rigorous and robust manner, so that the desired outcomes are achieved and business objectives are met.
But how do you go about planning for a successful red team test? We explore just some of the ways you can get the most from red teaming.
It’s important to gather as much information as possible before you start any red team assessment, and you’ll need to do the best you can with the time that you have. But what information should you collect, and how should it be presented? We would suggest splitting the following information over two key pre-test documents.
A scoping document is the overall business document and is designed to give a high-level overview of the test, why it’s being conducted and what is to be delivered. It gives people who may sit outside of the testing process, especially board-level decision makers, enough information to assess the value to the business and to understand the rationale for undertaking such a test.
So, what information should this document include?
2. Survey document
A survey document provides a more detailed, technical view of the test to be undertaken. This document is designed solely for those involved in the test process.
This can include:
It’s best to validate as much of this information as possible before sending it out to a third-party vendor.
Once you have the internal information in place and have achieved internal buy-in, it is time to get your external testing provider involved in the pre-test process.
An external vendor should work closely with you to understand your overall business objectives and to validate and interrogate the information you have gathered, outlining the best possible test routes to ensure you are getting the right outcomes for your business.
Here at Secarma, we see pre-test planning as the vital first stage of any red team process and our dedicated team will work closely with you to ensure every aspect of the engagement has been correctly set out before we engage in any testing.