Team of people responsible for defending the information system against the
attackers (red team).
1. The group responsible for defending an enterprise's use of information systems by
maintaining its security posture against a group of mock attackers (i.e., the
Red Team). Typically the Blue Team and its supporters must defend against real
or simulated attacks 1) over a significant period of time, 2) in a
representative operational context (e.g., as part of an operational exercise),
and 3) according to rules established and monitored with the help of a neutral
group refereeing the simulation or exercise (i.e., the White Team).
2. The term Blue Team is also used for defining a group of individuals that conduct operational
network vulnerability evaluations and provide mitigation techniques to
customers who have a need for an independent technical review of their network
security posture. The Blue Team identifies security threats and risks in the
operating environment, and in cooperation with the customer, analyzes the
network environment and its current state of security readiness. Based on the
Blue Team findings and expertise, they provide recommendations that integrate
into an overall community security solution to increase the customer's cyber
security readiness posture. Often times a Blue Team is employed by itself or
prior to a Red Team employment to ensure that the customer's networks are as
secure as possible before having the Red Team test the systems. [CNSSI_4009:2010]