Thesis_SidChowdhury.pdf (1.73 MB)
0/0

PERCEPTIONS OF PURPLE TEAMS AMONG CYBERSECURITY PROFESSIONALS

Download (1.73 MB)
thesis
posted on 15.05.2019 by Siddharth Chowdhury
With constant technological advancements, the attacks against existing infrastructure is constantly increasing and causing more damage. The current Red and Blue team approach to cybersecurity assessments is used to test the effectiveness of security defenses and in identifying vulnerabilities before they are exploited. Due to a lack of collaboration and inherently contradicting natures of these teams, the credibility of audits is impacted. While this has led to the synergistic and collaborative Purple team, it is important to understand how cybersecurity professionals perceive this new concept and its function. Analyzing perceptions of self-reported cybersecurity professionals via an online survey showed most believed Purple teams were beneficial and should be created from and collaborate with Red and Blue teams. However, past Red team experience was negatively linked to perceived benefit. Those who had more years of experience or had been on Red teams were more likely to believe Purple teams may have ownership or learning issues. Furthermore, professionals identified active managerial involvement and project clarity as critical success factors for Purple teams. Alongside these, management could help find the right skillset, provide resources, and offer active direction in order to avoid issues and maximize outcomes. Based on assessment relevance, a collaborative agreed-upon methodology for Red, Blue, and Purple teams was provided.

History

Degree Type

Master of Science

Department

Computer and Information Technology

Campus location

West Lafayette

Advisor/Supervisor/Committee Chair

Dr. Kathryn C. Seigfried-Spellar

Additional Committee Member 2

Dr. Marcus K. Rogers

Additional Committee Member 3

Dr. Baijian Yang

Licence

Exports

Logo branding

Licence

Exports