SECURITY AUDITS & RED TEAMS
Security surveys, audits and red teams are important elements in the risk and security management programs of critical infrastructures operators, allowing them to verify that their security operation effectively mitigates the threats and risks they face.
• Security surveys are intended to provide the organization with a situational picture of the effectiveness of means and measures implemented on the basis of its risk management policy vis-à-vis terror, criminal activity
• Security audits are carried out either on a one-time or periodic basis, to verify the organization’s level of operational fitness, its preparedness to conduct routine and emergency operations, and its compliance with all relevant regulatory requirements.
The Red Team
• The Red Team, by definition, is an adversary team designed to replicate tactics that terrorists may employ against their targets. Red Team activity is defined as any set of activities that deal with an unannounced and covert assessment of the levels of security and readiness, by a team of operators that is unfamiliar to the assessed target, and of which the target is unaware. The function of individuals engaged in this activity is to provide a unique understanding – from the threat actor’s perspective – in a more lifelike and realistic setting,
than through exercises, role playing or announced assessments. Red Team activities may involve interactions
that trigger active controls and countermeasures within a given operational environment.
• Red Team activity is normally associated with assessing vulnerabilities and limitations of systems or structures. Various governmental agencies, such as Aviation Security Administrations and Nuclear Security Administrations presently conduct Red Team exercises on a regular basis