The teams
Red team
Red team consists of ethical hackers. They’re formed to identify and assess any vulnerabilities in security. Their attack will reveal the security limitations and risks in an organisation, so that the organisation can act on them. The process can be repeated periodically, using different hackers, so that new, alternative options for attack are created and implemented. This keeps the test current and up to date.
Blue team
Blue team consists of an organisation’s cyber security personnel. Depending on the organisation’s structure, these personnel may include a security analyst, security engineer, security architect or security administrator. Some organisations have people in specialised roles, such as security incident responders. Whatever the case, blue team is made up of the people who would likely respond to an attack in real time.
How teams are formed
Red team
Red team is formed by review. It can be a team within the organisation, but most teaming sees an external force brought in. This brings new ideas into the fray and can expose personnel to hackers of a higher calibre than they’ve experienced before. Red team is formed to offer a tough challenge.
Blue team
Blue team is formed by bringing together the least and most experienced cyber security personnel in an organisation. This mix of cyber security boffins creates realistic conditions for the attack. Some logistics may be required to bring everyone together without giving up the game. Reassignment may be needed.