Handling familiarity threats with red cell testing


April 07, 2012

A common term among accounting firms and service organisation, the phrase 'familiarity threat' stems from a close association between two or more individuals that clouds their professional and ethical responsibilities.

In some cases this can influence decision making activities and reporting duties in ways that the people concerned are unaware of at the time – such as taking an easy stance on questionable behaviour or not being as rigorous with a review as standing policies often require.

This term can easily be extended to cover the areas of online security, with professionals who have long associations or who are fairly familiar with each other's habits overlooking potential breaches or failing to include concerning elements in their findings.

This is where the value of red cell testing comes into play – bringing an ethical yet anonymous third-party group to the scene with the aim of accessing dummy data.

A team can be instructed to only target certain avenues of access, or provided with free reign over their method of penetration – such as phishing scams, dummy calls and social engineering attempts – in order to find gaps in a company's defences.

In turn this provides the company with a comprehensive report into where potential threats may lie that is free of familiarity or personal bias.

Leave a Reply

Your email address will not be published. Required fields are marked *