# Red, Blue, and Purple Teams

By Daniel Miessler
[Source](https://danielmiessler.com/study/red-blue-purple-teams/), retrieved December 23, 2021 

- **Red Team** tests the effectiveness of a security program by emulating the tools and techniques of likely attackers.
- **Blue Team** is the internal security team that defends against attackers. Should be distinguished from standard security operations teams, as most do not have a mentality of constant vigilance against attack.
- **Purple team** integrates the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team. Exists to ensure and maximize the effectiveness of both. Not a team as such, but rather a permanent dynamic between Red and Blue.

![](Red%20Blue%20Purple-pyramid-miessler.png)

Related:
[ISO 27001 A.14.2.8 System security testing](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2.8%20System%20security%20testing.md)
[ISO 27001 A.14.2.9 System acceptance testing](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A.14.2.9%20System%20acceptance%20testing.md)