InfoSec Colour Team Structure

In this series of articles, we will be exploring the InfoSec Colour Team Structure, the different teams and how they interact with one another.

Most InfoSec people have heard about Red and Blue cyber teams, but what about the other coloured teams, and how do they all link together to produce complete cyber coverage?

Team Colours

Infosec Colour Teams (colour chart)

The colour chart above represents the different coloured teams.

The Red Team represents ‘The Attackers.’

The Red Team includes security and penetration testing teams. These teams focus on individual cybersecurity issues and carry out a deep dive into that subject, using hypothetical, simulated or real security testing. Please see our ‘Red vs Blue’ article for more details.

The Blue Team represents ‘The Defenders.’

The Blue Team includes incident responders, support engineers, threat hunting and forensic teams. The Blue Team is focused on monitoring for, and reporting on, detected and reported incidents. Please see our ‘Red vs Blue’ article for more details.

The Yellow Team represents ‘The Builders.’

The Yellow Team includes testers, developers, software engineers and system architects. These are the people who design and build software solutions in order to make businesses more efficient or bring new products to market. Their focus is usually on requirements, functionality, user experience and back-end performance.

Now that we have the three primary teams, we can start looking at how they feed into each other.

The Orange Team 


The Orange Team includes trainers and facilitators. The purpose of the Orange Team is to help the Yellow Team understand cybersecurity, increasing their secure coding skills through education, threat modelling and input into design and implementation. The Orange Team should keep communication paths open between the Yellow and Red Teams.

The Purple Team

The Purple Team includes resources with both Red and Blue skills. The purpose of a Purple Team is to maximise the results of Red Team engagements and improve Blue Team capability. Most industries have learned that cybersecurity works best when the Red and Blue Teams work together to improve the security posture of the organisation.

The Green Team

The purpose of the Green Team is to build policies and frameworks for the Yellow Team to follow, and to act as the link between the Blue Team and members of the Yellow Team. The goal is to improve cybersecurity and code quality, audit third-party libraries and open-source dependencies, and design defensive capability for detection, incident response and data forensics.

We bring them all together to create the final team.

The White Team

White Team members include elements of Compliance, Management, Analysts, Logistics and business representation. The purpose of the White Team is to provide neutrality, organise the teams, set strategy, perform risk assessments and monitor defect remediation. They also tend to run Red vs Blue team exercises and facilitate groups, helping them communicate and work together for the benefit of the business.

