Atomic Purple Team Framework and LifeCycle

Documentation Incomplete and in Progress

The Atomic Purple Team Framework and Lifecycle is a business/organizational concept designed to assist organizations in building, deploying, maintaining, and justifying Attack-Detect-Defend Information Security Exercises. Organizations struggling to efficiently leverage the skillsets of all information security staff will benefit from considering the Atomic Purple Team Lifecycle Framework's business-driven workflow. The workflow takes its roots from tested continuous improvement frameworks like ISO9001, ISO27001, Six Sigma and the like. The methodical balance of risk analysis, attack, hunt and defend methodologies, and business considerations can effectively and continually improve an organization's security posture.

Contents

Call to Action - Help the Atomic Purple Team Framework
Background
Namesake
Announcement and Open Source Soft Release - Black Hills Information Security Hosted Webcast
Atomic Purple Team Framework
Atomic Purple Team Life Cycle
Life-cycle & Phases
  1. Risk Assessment / Ingest
  2. Planning
  3. Attack
  4. Hunt / Defend
  5. Harden / Adjust
  6. Report
Initiating and Operating a Life-cycle Exercise
Always start in Lab
Always complete in Production
Atomic Purple Team Playbook
Brevity is key.
Playbook Sections
Project/Exercise Administration
Risk Assessment/Ingest/Planning
Attack
Detect / Defend
Adjust / Harden
Change Management
Report and Lessons Learned
License

Call to Action - Help the Atomic Purple Team Framework

The Atomic Purple Team Framework lends itself to community involvement in its steering and to feedback from deployments in business organizations. Defensive Origins knows that not all businesses are alike. We ultimately hope that the framework will be widely suitable for many organizations and encourage feedback from those who have deployed the framework in their environment. Open issues on areas of the lifecycle where you have feedback.
Let's work together to make the Atomic Purple Team Framework and Lifecycle a functional organizational tool that makes the world a better place by encouraging secure operations. Typo correction pull requests are always welcome!

Background

Kent and Jordan have been working in Information Security for quite a while now. Despite working with Red Teams and learning the adversarial toolsets, we are still blue-blood at heart. It gave us an opportunity to reflect on why the past years' Purple Teaming efforts never seemed as effective as they could (should) have been. Leveraging their background in business leadership, Kent and Jordan sought to create a business framework that would avoid the pitfalls of corporate career identity ambiguity and instead focus on what skills Information Security Professionals have spent years mastering.

The Atomic Purple Team Framework and Life-cycle are composed of three main components:

Atomic Purple Team Framework: The business organizational framework defining job functions, responsibilities, and activities.

Atomic Purple Team Life-cycle: The Attack-Detect-Defend exercises performed by members of the Atomic Purple Team within an organization, as defined by the Atomic Purple Team Framework.

Atomic Purple Team Playbook: The historical record of the Atomic Purple Team Life-cycle exercises performed by the Atomic Purple Team. The playbook offers accountability, evidence of work, and warrant of fiscal budget.

Namesake

In 2019 Defensive Origins was founded as a research and knowledge opportunity institution. The first class was titled "Atomic Purple Teaming". The class was great; however, the title of the course caused some confusion in the community, with some expecting an automation or solution-based framework more tightly aligned with Red Canary's Atomic Red Team project. Despite having self-published their first book, Atomic Purple Team, Defensive Origins pivoted and re-titled their classroom instructional series Applied Purple Teaming.
The Applied Purple Teaming course continues to grow, updating and adding attack-detect-defend exercises that offer students practical experience. Many students acknowledged the course's foundational chapter, which focuses on a business framework and life-cycle supportive of attack-detect-defend activities, as being potentially pivotal in their own organization. At students' request, Defensive Origins chose to release the framework and life-cycle as an open source initiative, titling the project after its first instructional cour
