Red Teaming Test Summary Report (RTTSR)
| No: 562240000067 | Date(g): 13/5/2019 | Date(h): 9/9/1440 | Status: In-Force |
When the Remediation Plan is finalized, the White team will generate a summary test report (fully anonymized) in order to share via SAMA (i.e. the Green Team Test Manager) to all relevant Member Organization Committees (e.g. the BCIS). The summary test report should cover the current threat landscape for the financial sector, the red teaming test results and the observed weaknesses or vulnerabilities during the red teaming test and should include the lessons learned.
This report should only be provided via a secure communication channel and shared under an agreed communication protocol (i.e. need-to-have and for-you-eyes-only).
Below the outline of the report and the required elements (not limitative):
| Red Teaming Test Summary Report (RTTSR) | ||
| 1. | Introduction | |
| 2. | Personalized distribution list (to ensure the agreed communication protocol) | |
| 3. | Executive summary | |
| 4. | Background of the executed red teaming test | |
| 5. | The financial sector current threat landscape and recent cyber-attack trends | |
| 6. | The outline of each attack scenarios executed | |
| Listing of the most relevant identified vulnerabilities and weaknesses | ||
| Most relevant observations focused on people, process and technology | ||
| Most relevant observations focused on detection, response and recover | ||
| 7. | Lessons learned | |
| 8. | Suggestions for the Financial Sector | |
| 9. | Recommendations for adjusting the Saudi Arabian Financial Entities Ethical Red Teaming Framework | |
| The Red Teaming Test Summary plan should be classified: Highly Confidential (need-to-have and for- you-eyes-only) | ||