Professional Documents
Culture Documents
Assurance
Zeus / Zbot
Torping / Sinowal
Conficker / Downup
Phishing
Spyware
RSA breach
40 million tokens and access compromised
Zappos, 2012
24 million records lost
Estonia, 2007
Georgia, 2008
Operation Aurora, 2009/2010
Stuxnet, 2010
Flame, 2012
Threat environment
Increasing sophistication of cyber threats
Attacks are organized, disciplined, aggressive, and well
resourced
Adversaries are nation states, terrorist groups, criminals,
hackers, and individuals or groups with intentions of
compromising information systems
Information technology is our greatest strength and at the
same time, our greatest weakness [NIST]
Growing cyber threats demand advanced mitigation strategies
10
11
12
NATO NC3A
Cyber Red Team (CRT)
Conclusions
Red Teaming is a process that models and simulates
adversary actions
Red Teaming requires highly skilled specialists
Red Teaming provides a more realistic picture of security
readiness of an organization than other methods (e.g.
penetration testing)
Red Teaming may contribute to achieving objectives of
national strategy for cyber security
14
15