2013. 5. 26. 12:02ㆍ전략 & 컨설팅/전략
http://www.csoonline.com/article/221695/red-team-versus-blue-team-how-to-run-an-effective-simulation 퍼옴.
Red Team Versus Blue Team: How to Run an Effective Simulation
Playing the role of an attacker can make your team better at defense. Our step by step guide to war gaming your security infrastructure--from involving the right people to weighing a hypothetical vs. live event.
The military does it. The Government Accountability Office does it. So does the NSA. And the concept is making its way into the corporate world, too: war gaming the security infrastructure.
Red team-blue team exercises take their name from their military antecedents. The idea is simple: One group of security pros--a red team--attacks something, and an opposing group--the blue team--defends it. Originally, the exercises were used by the military to test force-readiness. They have also been used to test physical security of sensitive sites like nuclear facilities and the Department of Energy's National Laboratories and Technology Centers. In the '90s, experts began using red team-blue team exercises to test information security systems.
특히 컨설팅 프로젝트에서 Blue팀 미팅의 의미는 크다.
작게 보면 Quality Assurance를 위해서지만, 크게 보면 선배 컨설턴트들의 시각에 대한 공유를 통한 컨설턴트들의 성장과, 발표장에서 예상 가능한 attack 들에 대한 선제적 대응의 의미가 크다.
특히, 컨설턴트들의 레벨이 전반적으로 낮고, 조직에 Senior들이 희소하다면, 프로젝트 초반에 Blue Team Meeting을 통해 (이름을 뭐라 붙이건 상관은 없지만...) 방향을 잡아 주는 것이 매우 중요하다.
많은 Partner들이 간과하는 책임이기도 하다.