Team of people responsible for defending the information system against the
attackers (the red team).
1. The group responsible for
defending an enterprise’s use of information systems by maintaining its
security posture against a group of mock attackers (i.e., the Red Team).
Typically the Blue Team and its supporters must defend against real or
simulated attacks 1) over a significant period of time, 2) in a representative
operational context (e.g., as part of an operational exercise), and 3)
according to rules established and monitored with the help of a neutral group
refereeing the simulation or exercise (i.e., the White Team).
2. The term Blue Team is
also used for defining a group of individuals that conduct operational network
vulnerability evaluations and provide mitigation techniques to customers who
have a need for an independent technical review of their network security
posture. The Blue Team identifies security threats and risks in the operating
environment, and in cooperation with the customer, analyzes the network
environment and its current state of security readiness. Based on the Blue Team
findings and expertise, they provide recommendations that integrate into an
overall community security solution to increase the customer's cyber security
readiness posture. Often times a Blue Team is employed by itself or prior to a
Red Team employment to ensure that the customer's networks are as secure as
possible before having the Red Team test the systems. [CNSSI_4009:2010]