Title :
The appropriate use of force-on-force cyberexercises
Author :
White, Greg ; Conklin, Art
Author_Institution :
Texas Univ., San Antonio, TX, USA
Abstract :
Over time, network threats change, so a computer network defense system must be periodically tested to assess its true ability. Within the computer network arena, organizations are using cyberexercises to test reactions to security attacks and penetrations. Cyberexercises take a variety of forms; one of the most popular pits an attacking red team against network, system, and security administrators. Red teams are a popular way to test an organization´s security posture, but proceeding too quickly with this kind of exercise can be counterproductive. Examining network security from a comprehensive organizational viewpoint raises several interesting questions: When are red teams and technical exercises appropriate? What aspects of network security do these types of exercises test? What alternative cyberexercises might be more suitable?.
Keywords :
computer network management; security of data; telecommunication security; comprehensive network security Solutions; computer network arena; computer network defense system; force-on-force cyberexercises; organizational viewpoint; red team; security administrators; security attacks; security posture; technical exercises; Computer crime; Computer networks; Government; History; Internet; Military aircraft; Open source software; Personnel; System testing; Terrorism; 65; cyber test; force on force; red team;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2004.58
