Client initiated a Red Team attack to test the organisation’s security procedures and assess the security level within the organisation.
The subsequent report revealed areas and topics with room for improvement, and the client therefore wished to initiate a remediation project to address these challenges.
The task was then to commence the remediation project by executing the PRINCE2 phases [Starting up a project] and [Initiating a project].
“When used in a computer security context, a red team is a group of white-hat hackers that attack an organization’s digital infrastructure as an attacker would in order to test the organization’s defenses (often known as “penetration testing”).”
Excerpt from Wikipedia article about Red team
The starting point for clarifying the scope was the detailed report from the Red Team attack. However, the project was still challenged in terms of scope clarification due to many related dependencies between the observed challenges.
These challenges were resolved by creating a list of all observed challenges and categorising them into related areas. Subsequently, the respective areas were prioritised, and then the individual challenges were prioritised.
After prioritising areas and activities, the resolution of the respective activities was estimated in terms of both time and cost.
Finally, the project prepared a recommendation for the steering committee, after which the project was handed over to an internal project manager.
| Competences and technologies used: |
|---|
| Project Management, GDPR, IT security, Cyber security, ISO 27001, Vendor management, Process, Microsoft Windows, Microsoft infrastructure, |