<div>
Hi.<br />
&quot;Does anyone know of something like this being done?&quot; - sure, why not. As long as those people try those &quot;attacks&quot; (if any) on test networks first, go ahead.<br />
What do you want to know in particular?
</div>


<div>
i would make damned sure those employees are legit. &nbsp;That's all you need is for one of them to find an exploit and not tell you about it.
</div>


<div>
We just want to make sure our network stays as secure as possible and was curious if anyone else did this. &nbsp;Thanks!
</div>


<div>
But what if anyone else does this, do you feel supported in doing this?<br />
It surely depends on how you let them do this. If they run tools and they don't know how those work, they might disrupt working.
</div>


<div>
Yeah, we have a lot of questions. &nbsp;We were just seeing if anyone else is doing this so we could get some tips on how they are doing it and if it has been successful.
</div>


<div>
You can still have an internal security team setup to do such review and security acceptance but most of the time, the objective is to ensjre independent assessment done rather tham having same admin team to do it. Who guards the guards. The competency and certified party varied and compliance needs may not necessary allows internal team unless strong justification provider. There are penetration testing standard publicly available to kickstart. Note that revjew should not be audit unless that is the intent. Audit requires independent party so internal is mostly not engaged though helps in preparing the internal.
</div>


<div>
<div class="content wysiwyg-content">
We are looking at starting an internal &quot;white hat&quot; security team made up of some of our tech savvy employees. &nbsp;These users would, from time to time, try to access folders they shouldn't have access to, try to make themselves domain admins, try to change other users' passwords, etc. &nbsp;This would be in addition to their primary duties. &nbsp;Does anyone know of something like this being done? &nbsp;I know outside firms are available to do security testing, but it might be advantageous to have our own team. &nbsp;Thanks for any feedback!
</div>
</div>


We are looking at starting an internal "white hat" security team made up of some of our tech savvy employees.  These users would, from time to time, try to access folders they shouldn't have access to, try to make themselves domain admins, try to change other users' passwords, etc.  This would be in addition to their primary duties.  Does anyone know of something like this being done?  I know outside firms are available to do security testing, but it might be advantageous to have our own team.  Thanks for any feedback!

Internal &quot;White Hat&quot; security team

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Internal &quot;White Hat&quot; security team

Internal "White Hat" security team