Preview Mode Links will not work in preview mode

CyberSecurity Sense is LBMC's monthly podcast that will provide insights and updates on such information security topics as: Penetration Testing, Ransomware events, Digital Forensic Analysis, Electronic Discovery and Litigation Support, Risk Assessments, Security Program Planning, Web Application Security, HIPAA Compliance, HITRUST Certifications, NIST 800-171 Certifications, PCI Data Security Standards, SOC Reporting and SOX Compliance.

Jul 18, 2018

In a previous podcast, we discussed purple-teaming as it compares to a conventional penetration test. Let’s now build on that approach, starting with the differences between attack simulation and conventional penetration tests. The methodology of attack simulation is the assumption that the network or a system will become compromised and the current controls will not prevent the infection.

So, how does attack simulation differ from purple-teaming? With purple-teaming, everyone know what controls are being tested and when. The attack simulation is a bit different, asthe focus is the emulation of a specific attacker group and their methods of obtaining sensitive data. In this podcast, LBMC Information Security’s Bill Dean discusses attack simulation, or what some people label adversary simulation.