Getting started on your blue team journey
As discussed in this chapter and Chapter 2, Managing a Defense Security Team, the first and most important thing that an organization can do is hire a CISO or employ a VCISO’s expertise in order to kickstart a blue team’s strategy.
As we learned in Chapter 3, Risk Assessment, creating an inventory of assets is the first thing a CISO should do. The CISO will perform the first risk assessment next in order to try to calculate the risk that the organization faces in the near future.
Subsequently, they will start hiring for the risk management blue team, getting enough people to help implement a Risk Management Framework (RMF). According to Chapter 4, Blue Team Operations, the next thing would be to make the organization security-aware. The risk management team will conduct sessions with the business team and teach them about security awareness until a new staff for that exact purpose has been hired.
As mentioned in Chapter...