In covert security testing, who is unaware of the test being conducted?

Test your knowledge and grow your confidence for the CISSP Domain 6 Security Assessment and Testing Exam with our insightful quiz. Explore multiple-choice questions, hints, and explanations to excel in your exam preparations.

In covert security testing, the primary focus is to simulate real-world attack scenarios without the knowledge of certain key stakeholders within the organization. The correct answer indicates that the security team conducting the test is unaware of the test being performed. This is essential to maintain the element of surprise and to gather accurate data about how well the organization's defenses hold up against genuine threats.

However, typically in a covert testing scenario, the management and sometimes specific teams within an organization may be aware or at least need to approve such an operation for legal and ethical considerations. The employees, on the other hand, usually do not have any knowledge of the testing since the goal is to assess their responses to potential security breaches in a genuine context.

In the case of external adversaries, they are by definition unaware of internal testing, but they do not have a role in the planning or execution of the security assessment being conducted within the organization. Therefore, the focus of covert testing lies in observing how unaware staff respond to potential security threats during the actual events of the test. This approach helps organizations evaluate their incident response capabilities and overall security posture more effectively.
