Before a Red Team assessment...
Before a red team assessment I usually recommend organizations perform at least 2 out of these 5 actions:
- Identification of the critical information to be protected
- Threats analysis
- Vulnerabilities analysis
- Risks assessment
- Application of the countermeasures
The ones I recommend are the identification of critical information and threat analysis. Those two will most likely define the rest, however if you could perform all 5 action before a red team tries to break in, it would increase the chances of 1) having a tighter security posture and 2) providing proper guidance after the exercise.