Red Team Evaluation Report (RTER)
| No: 562240000067 | Date(g): 13/5/2019 | Date(h): 9/9/1440 | Status: In-Force |
Effective from 2019-05-13 - May 12 2019
To view other versions open the versions tab on the right
At the end of the red teaming exercise, the Red Teaming Provider will draft an evaluation test report, which contains an assessment of the Member Organization's cyber security resilience against the executed cyber security attacks. The report should include a diagram of how the attack scenarios were executed. This report should be issued to the White Team, Blue Team and Green Team.
Below the outline of the report and the required elements (not limitative):
| Red Team Evaluation Report (RTER) | ||
| 1. | Introduction | |
| 2. | Executive summary | |
| 3. | Scope | |
| • | Scope of the agreed red teaming test | |
| • | Background on the agreed targeted critical (information) assets and functions | |
| • | Goal and objectives of the red teaming test | |
| • | Items which were explicitly out-of-scope | |
| 4. | Control Framework - references | |
| • | F.E.E.R. Framework | |
| • | OWASP (Top-10) | |
| • | Others | |
| 5. | Execution Methodology | |
| • | Listing all the attack stages and actions performed by the Red Team during the red teaming test | |
| • | How the each attack scenario was conducted, how, when and where (i.e. the exploited cyber kill chains, summarized in the form of attack vector diagrams) | |
| • | Explanation of the Cyber Kill Chain methodology and Tactics, Techniques and Procedures that were planned and eventually executed | |
| • | The timeline of activities performed (dates and time) | |
| • | What specific tools or software and methods were used during the attack scenarios | |
| • | Methodology for the risk rating for the observations | |
| 6. | Observations | |
| • | Listing of the identified vulnerabilities and the weaknesses of events that did occur | |
| • | Observations focused on people, process and technology | |
| • | Observations focused on detection, response and recover | |
| • | Suggested risk description and risk rating for each observations | |
| • | Recommendations on suggested improvements | |
| 7. | Conclusions | |
| • | An overall conclusion of the cyber resilience of the Member Organization | |
| • | Detailed conclusions for each attack scenario performed | |
| • | A conclusion per agreed critical information assets or function | |
| Appendices | ||
| • | The list of involved teams and team members | |
| • | Screenshots with evidence | |
| • | Any other supportive materials | |
| The report should be classified as: Confidential | ||