The first step is to define a possible scenario for the assumed breach assessment in consultation with my clients; this could be an internal scenario, for example. Then we define possible targets: this could be the compromise of the CEO account or his workstation, the compromise of certain user accounts (e.g. system administrators) or the takeover of the Microsoft Active Directory. Ideally, as few employees as possible should be involved (white team), as this will give you a truly realistic and undistorted picture of the ACTUAL state of your current IT security and IT defence level.
Preparation for Internal Attacks
I think everyone in IT security can agree that there is no such thing as 100% protection against cyber attacks. In the assumed breach scenario, we assume that a malicious attacker has already gained access to your internal network. Compromised trusted internal connections (Trusted Relationship or Valid Accounts) are one possible scenario. Another example is the classic trainee scenario.