There is an interesting book:
  Red Team
  How to succeed by Thinking like the Enemy
  Micah Zenko

I thought it was good. It's not focused on IT, but there is plenty of IT in it. Good background if you are focused on IT.

  "You cannot grade your own homework."
  "The boss must buy in." (and signal down the chain)
  "not a core practice", "doesn't generate income"

There is an interesting section about 28 minutes into the video (below). In a commercial world, some people actively avoid red teams. The legal penalties for negligence are smaller than those for willful harm. That is followed by a discussion of GM's ignition switch mess. The corporate culture was to suppress bad news in the interest of maintaining quarterly profits. You can hide problems in committees.

--------

He gave a talk at the World Affairs Council, Dec 2015
  http://www.worldaffairs.org/media-library/event/1533
  https://www.youtube.com/watch?v=9bHUgjyVzY0

Red teaming: it's a practice as old as the Devil's Advocate, the sixteenth-century Catholic official charged with discrediting candidates for sainthood. Today red teams--groups of fearless skeptics and friendly saboteurs--are used widely in both the public and private sectors. Red teaming helps pinpoint institutional weaknesses and anticipate potential threats ahead of the next Special Forces raid, malicious cyberattack, or corporate merger. But not all red teams are created equal; indeed, some cause more damage than they avert. Using them effectively just may be the greatest challenge for organizations in the twenty-first century.

In Red Team, security expert Micah Zenko draws on the little-known case studies and unprecedented access to elite red teamers to reveal the best practices, common pitfalls, and winning strategies of these modern-day Devil's Advocates. Red Team shows how any competitive group can succeed by thinking like the enemy.

---

There are several other similar videos on YouTube. I assume they were all part of a book tour.
--
These are my opinions. I hate spam.