Every red team assessment caters to different organizational elements. However, the methodology always includes the same elements of reconnaissance, enumeration, and attack. Before conducting a red team assessment, talk to your organization’s key stakeholders to learn about their concerns. Here are a few questions to consider when identifying the goals of your upcoming assessment:
- What could happen in my organization to cause serious reputational or revenue-based damage (e.g. ex-filtration of sensitive client data or prolonged service downtime)?
- What is the common infrastructure used throughout the organization (consider both hardware and software)? In other words, is there a common component on which everything relies?
- What are the most valuable assets throughout the organization (data and systems) and what are the repercussions if those are compromised?