Role Management
ABIDULLAH ZARGHOON
What to expect?
• Understanding the organization
• IT roles
• Where to locate IT security?
• Top management support
• Relationships with other departments
• Outsourcing IT security
Understanding the Organization
• Comprehensive security is not possible without proper security staff
• Where those staff are placed in the organization matters
• So do their relationships with other organizational units
• Both require proper planning and allocation
IT Roles
• Chief Security Officer
  - The title usually used for the head of the security department
• Application security engineer
  - Application security engineers maintain computer applications and software. They spend almost all their time in an office environment, with most of their work involving writing and testing software.
• Security engineer
  - Security engineers are responsible for creating and implementing solutions that ensure an organization's products and systems are secure.
IT Roles
• Network security engineer
  - Network security engineers play an essential part in the deployment, configuration, and administration of network- and security-related hardware and software. This includes firewalls, routers, network monitoring tools, and VPNs (virtual private networks). They are also tasked with performing network security risk assessments, and might be asked to help design network infrastructure.
• Information security analyst
  - Information security analysts are responsible for examining security problems and finding solutions. Their duties include researching the industry, finding security threats, and developing strategies to ensure their organization remains secure.
IT Roles
• Security Manager
  - The title given to the person or body responsible for managing security in the organization
• IT security specialist
  - IT security specialists analyze an organization's cybersecurity posture and its past breaches to understand how incidents occur and what needs to be done to prevent them. Given that IT and cybersecurity are such broad topics, organizations will usually have many IT security specialists, each one focusing on a specific area.
Location of IT Security Department
Within the IT Department
• Placing the IT security department within the information technology department is attractive because security and IT share many of the same technical skill sets.
• Security reports directly to the person responsible for IT in the organization, for instance the Chief Information Officer (CIO).
• The CIO is then accountable for security breaches
• The CIO will support the security department in creating a safe IT infrastructure
• Security changes are easier to implement
• Drawback: the security department is dependent on the IT department
Outside the IT Department
• Easier to deal with other departments
• Security policies can be enforced on the IT department as well
• The most commonly advised option
• Drawback: potential conflict with the IT department
Hybrid Solution
• Role segregation
• Operational aspects are divided between the two departments
• IT maintains devices such as firewalls and other security hardware
• Planning, policy making and auditing stay with the security department
Top Management Support
• Top management support is crucial to the success of any security program.
• IT security is unlikely to succeed unless top management gives strong and consistent support.
• Support from top management helps with the following:
  - Budget
  - Support in conflicts with other departments
  - Setting a personal example
Relationships with Other Departments
Special Relationships
• To be successful, the IT security department must develop productive relationships with other departments.
• Some departments in an organization are of special importance to the IT security department
HR Department
• The relationship between HR and IT security should be rich.
• HR is responsible for security training programs.
• HR controls the process of recruitment and termination of employees.
• IT security should be involved in the recruitment and termination process to ensure security issues are taken into account.
• HR is involved in penalties when employees break security rules.
The Legal Department
• The legal department deals with all issues related to the country's laws and regulations.
• It is important to have a good relationship with the legal department
• The legal department should ensure that security policies are legally sound
• The legal department should be involved if a security incident happens
Audit Department
• Most big companies, such as banks, have an internal audit department.
• This department examines organizational units for efficiency, effectiveness and adequate controls.
• The IT audit department examines the efficiency, effectiveness and controls of processes involving information technology.
• IT security audit is usually placed under one of the audit departments, not under the IT security department
• This keeps the IT security audit independent of the IT security department
All Other Departments
• The security department should have good relationships with all the departments in the organization
• The security department's job is not just to develop policies and distribute them to other departments
• Other departments do not trust the security department because security makes their work harder
• Good relationships with other departments are important for a conflict-free and successful security program
Outsourcing IT Security
Outsourcing
• It is not common to fully outsource IT security
• However, it is an option
• Most companies outsource some part of their IT security
• Partial outsourcing lets companies keep control of their security
Email Outsourcing
• The most common form of IT security outsourcing is email filtering
• Email connections to and from the Internet are routed through the outsourcer
• The outsourcer provides inbound and outbound filtering
• This blocks spam, malware in attachments and scripts in email bodies
• Outsourcing email filtering is effective because filtering is becoming a highly specialized field
• Email filtering relies on rapid response to new threats
• Lists of dangerous email sources are updated hourly or even more rapidly
Managed Security Service Provider
• An alternative form of outsourcing is to delegate even more controls to an outside firm
• Such a firm is generally known as a Managed Security Service Provider (MSSP)
• The MSSP places a central logging server on your network.
• That server uploads the company's event log data to the MSSP site.
• Security experts and security scanning programs check the logs and raise an alert in case of an incident
Why use an MSSP?
• In-house security experts can be expected to sit idle most of the time, because incidents do not happen regularly
• Internal security experts might not be as capable as the MSSP's security experts, given the volume of security events the MSSP handles every day
• The MSSP is independent and will not make exceptions to the company's policy for any top management staff
• The MSSP can also observe the company's own IT staff
Continued
• Not all controls should be handed to the MSSP
• Policy development and planning are too important for the organization to give up
• The contract should be specific, even in simple matters
• The MSSP should be checked on regularly
• A poor job by the MSSP can cause great damage to the company
IT Asset Management (ITAM)
What is ITAM?
• IT Asset Management (ITAM) is defined as the set of business practices that join financial, contractual and inventory functions to support lifecycle management and strategic decision making for the IT environment in support of the organization's overall business objectives.
Why do ITAM?
• Manage IT assets so that maximum value is gained from their use across the lifecycle and beyond
• That value consists of:
  - Financial accountability
  - Risk reduction, for example through proper disposition of waste
  - Efficiency and performance
  - Customer satisfaction
  - Control and long-term manageability
Key Process Areas
• Acquisition Management
• Asset Identification
• Compliance Management
• Communication and Education Management
• Disposal Management
• Documentation Management
• Financial Management
• Legislation Management
• Policy Management
• Program Management
• Project Management
• Vendor Management
To Manage or Not to Manage?
• Cost of the asset
• Volume in the environment
• Life expectancy
• Risk factors if not managed
  - Security risks
  - Loss of productivity
  - Sarbanes-Oxley and other legislation
• Redeployment
• Leased
• Mobility of the asset
• Cost of building the IT asset management processes
Commonly Managed Assets
• Software – licensing compliance risk, high cost and audits
• Mainframes – high cost
• Laptops – mobility, cost, risk factors
• Desktops – redeployment candidates, often leased
• BYOD devices – risk factors
• Telecom – division of ownership
• Servers – cost, risk to business continuity
Should we Manage?
• Printers
• Monitors
• Hubs, routers, firewalls
IT Asset Management Policies
• Policies govern behaviors within the organization. The purpose of asset management policies is to have assets that are:
  - Trackable
  - Maintainable
  - Cost effective
  - Used for the good of the organization
• These topics are often buried in policies with other names, such as Security, Acceptable Use, Disaster Recovery, Expenses, etc.
Policy Topics for Asset Management
• Privacy – no expectation of privacy
• Prohibited use – limitations on the use of equipment and/or software
• Personal use – rules for non-business use
• Use of non-corporate assets on the network – are BYOD devices and software allowed? Dialing in from home?
• Physical security of the equipment – loss and theft prevention, usually covered in the Security policy
• Commitment to energy conservation – Energy Star program, monitor sleep settings
• Environmental self audit – policy for disclosure, escalation methods
End of Lifecycle
• Redeployment
• Retirement
• Re-use
Thank You!

More Related Content

What's hot

Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overviewelvinchan
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004Donald E. Hester
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security ManagementEC-Council
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Network security policies
Network security policiesNetwork security policies
Network security policiesUsman Mukhtar
 
Implementing security
Implementing securityImplementing security
Implementing securityDhani Ahmad
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Tammy Clark
 
Information risk management
Information risk managementInformation risk management
Information risk managementAkash Saraswat
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security BlueprintZefren Edior
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 

What's hot (20)

Security policy
Security policySecurity policy
Security policy
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
Network security policies
Network security policiesNetwork security policies
Network security policies
 
Implementing security
Implementing securityImplementing security
Implementing security
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management System
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Bis Chapter15
Bis Chapter15Bis Chapter15
Bis Chapter15
 
Information risk management
Information risk managementInformation risk management
Information risk management
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
 

Similar to Role management

Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
SMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMSMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMIvanti
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521Merlin Florrence
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016Prime Infoserv
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfalokkesh
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
D1 security and risk management v1.62
D1 security and risk management  v1.62D1 security and risk management  v1.62
D1 security and risk management v1.62AlliedConSapCourses
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...GrapesTech Solutions
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueRapidValue
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSSprintzeal
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of securityciso_insights
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAGeorge Delikouras
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 

Similar to Role management (20)

Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
SMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMSMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSM
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Topic11
Topic11Topic11
Topic11
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
D1 security and risk management v1.62
D1 security and risk management  v1.62D1 security and risk management  v1.62
D1 security and risk management v1.62
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValue
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIA
 
Information Security - I.T Project Management
Information Security - I.T Project ManagementInformation Security - I.T Project Management
Information Security - I.T Project Management
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Role management

  • 2. What to expect?  Understanding organization  IT Roles  Where to locate IT security?  Top Management Support  Relationships with other departments  Outsourcing IT security
  • 3. Understanding Organization  Comprehensive security is not possible without proper security staff  Their placement  Relationships with other organizational units  Requires proper planning and allocation
4. IT Roles
  • Chief Security Officer
    - The title usually used for the head of the security department
  • Application security engineer
    - Application security engineers maintain computer applications and software. They spend almost all their time in an office environment, with most of their work involving writing and testing software.
  • Security engineer
    - Security engineers are responsible for creating and implementing solutions that ensure an organization's products and systems are secure.

5. IT Roles
  • Network security engineer
    - Network security engineers play an essential part in the deployment, configuration, and administration of network- and security-related hardware and software. This includes firewalls, routers, network monitoring tools, and VPNs (virtual private networks). They are also tasked with performing network security risk assessments, and might be asked to help design network infrastructure.
  • Information security analyst
    - Information security analysts are responsible for examining security problems and finding solutions. Their duties include researching the industry, finding security threats, and developing strategies to ensure their organization remains secure.

6. IT Roles
  • Security Manager
    - The title given to the person or body responsible for managing security in the organization
  • IT security specialist
    - IT security specialists analyze an organization's cybersecurity posture and its past breaches to understand how incidents occur and what needs to be done to prevent them. Given that IT and cybersecurity are such broad topics, organizations will usually have many IT security specialists, each one focusing on a specific area.
7. Location of IT Security Department
8. Within IT Department
  • Placing the IT security department within the information technology department is attractive because security and IT share much of the same technological skill set.
  • Security reports directly to the head of IT in the organization, for instance the Chief Information Officer (CIO).
  • The CIO will be accountable for security breaches.
  • The CIO will support the security department in creating a safe IT infrastructure.
  • Easier to implement security changes.
  • Dependent on the IT department.

9. Outside of IT Department
  • Easier to deal with other departments
  • Security policies can be enforced on the IT department as well
  • The most commonly advised option
  • Possible conflict with the IT department

10. Hybrid Solution
  • Role segregation
  • Operational aspects are divided
    - IT maintains devices such as firewalls
    - Planning, policy making and auditing stay with security

12. Top Management Support
  • Top management support is crucial to the success of any security program.
  • IT security is unlikely to succeed unless top management gives strong and consistent support.
  • Support of top management helps with the following:
    - Budget
    - Support in conflicts
    - Setting a personal example

14. Special Relationships
  • To be successful, the IT security department must develop productive relationships with other departments.
  • Some departments in an organization are of special importance to the IT security department.

15. HR Department
  • The relationship between HR and IT security should be rich.
  • HR is responsible for security training programs.
  • HR controls the process of recruiting and terminating employees.
  • IT security should be involved in the recruitment and termination process to ensure security issues are taken into account.
  • HR is involved in penalties when employees break security rules.

16. The Legal Department
  • The legal department deals with all issues related to the country's laws and regulations.
  • It is important to have a good relationship with the legal department.
  • The legal department should ensure that security policies are legally sound.
  • The legal department should be involved when a security incident happens.

17. Audit Department
  • Most big companies, such as banks, have an internal audit department.
  • This department examines organizational units for efficiency, effectiveness and adequate controls.
  • The IT audit department examines the efficiency, effectiveness and controls of processes involving information technology.
  • IT security audit is usually placed under one of the audit departments, not under the IT security department.
  • This keeps the IT security audit independent of the IT security department.

18. All Other Departments
  • The security department should have good relationships with all the departments in the organization.
  • The security department's job is not only to develop and distribute policies to other departments.
  • Other departments often do not trust the security department because security makes their lives harder.
  • Good relationships with the other departments are important for a conflict-free and successful security program.

20. Outsourcing
  • It is not common to fully outsource IT security.
  • However, it is an option.
  • Most companies outsource some of their IT security.
  • Partial outsourcing lets companies keep control of their security.

21. Email Outsourcing
  • The most common IT security outsourcing is for email.
  • Email connections to and from the Internet are routed through the outsourcer.
  • The outsourcer provides inbound and outbound filtering.
  • This stops spam, malware in attachments, and scripts in email bodies.
  • Outsourcing email filtering is effective because filtering is becoming a highly specialized field.
  • Email filtering relies on rapid response to new threats.
  • Lists of dangerous email sources are updated hourly or even more rapidly.

22. Managed Security Service Provider
  • This outsourcing alternative delegates even more controls to an outside firm.
  • Such a firm is generally known as a Managed Security Service Provider (MSSP).
  • The MSSP places a central logging server on your network.
  • The server uploads the firm's event log data to the MSSP site.
  • Security experts and security scanning programs check the logs and alert in case of an incident.

23. Why use an MSSP?
  • Internal security experts would sit idle most of the time because incidents do not happen regularly.
  • Internal security experts might not be as capable as MSSP security experts, given the volume of security events an MSSP handles every day.
  • The MSSP is independent and will not make exceptions to the company's policy for any top management staff.
  • The MSSP can also observe the company's own IT staff.

24. Continued
  • Not all controls should be given to the MSSP.
  • Policy development and planning are too important for the organization to hand over.
  • The contract should be specific, even in simple matters.
  • The MSSP should be checked regularly.
  • A poor job by the MSSP can cause great damage to the company.
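As an added illustration of the MSSP flow on slides 22 to 24 (this is example code, not part of the original slides or of any MSSP product): a small Python model of the central collector and the scanning side. It parses constructed log lines with hypothetical hosts and addresses, applies two scanning rules (many failed logins followed by a success from the same source, and an allowed outbound connection to a blocklisted address, in the spirit of the rapidly updated lists on slide 21), and includes a canary check that injects a known test event and confirms an alert comes back, which is one concrete way to act on "the MSSP should be checked regularly". The log formats, rule thresholds, the blocklist and the canary marker are all assumptions made for the example.

```python
"""Model of the slide 22-24 MSSP flow: a central collector parses event logs,
scanning rules raise alerts, and the customer verifies the scanning still works.
All log lines, hosts, addresses, thresholds and the blocklist are constructed
for illustration; they are not from the slides or from any real provider."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample events, loosely syslog-shaped (hypothetical hosts/IPs).
SAMPLE_LOG = """\
2024-05-01T10:00:01 fw01 DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:02 srv01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:03 srv01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:04 srv01 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:05 srv01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:06 srv01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:07 srv01 sshd: Accepted password for admin from 203.0.113.7
2024-05-01T10:00:08 fw01 ALLOW src=192.0.2.10 dst=198.51.100.5 dport=443
2024-05-01T10:00:09 srv02 sshd: Failed password for bob from 192.0.2.44
"""

THRESHOLD = 5                        # assumed: failed logins before a later success is suspicious
BLOCKLIST = {"198.51.100.5"}         # constructed "dangerous destination" list (cf. slide 21)
CANARY_MARKER = "MSSP-CANARY-TEST"   # assumed synthetic event the customer injects as a test

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
ACCEPT_RE = re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"(?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+)")


@dataclass
class Event:
    ts: str
    host: str
    kind: str          # auth_fail, auth_ok, fw_allow, fw_deny, canary, other
    src: str = ""
    dst: str = ""
    user: str = ""


def parse_line(line):
    """Normalize one raw log line into an Event; returns None for unparsable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, msg = m.group("ts", "host", "msg")
    if CANARY_MARKER in msg:
        return Event(ts, host, "canary")
    if (f := FAILED_RE.search(msg)):
        return Event(ts, host, "auth_fail", src=f["src"], user=f["user"])
    if (a := ACCEPT_RE.search(msg)):
        return Event(ts, host, "auth_ok", src=a["src"], user=a["user"])
    if (w := FW_RE.search(msg)):
        return Event(ts, host, "fw_" + w["action"].lower(), src=w["src"], dst=w["dst"])
    return Event(ts, host, "other")


def scan(lines):
    """The scanning side: run the rules over raw lines, return (rule, subject, detail) alerts."""
    alerts = []
    failures = Counter()           # failed logins seen per source address
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue               # malformed line: skipped, not fatal for the pipeline
        if ev.kind == "auth_fail":
            failures[ev.src] += 1
        elif ev.kind == "auth_ok" and failures[ev.src] >= THRESHOLD:
            alerts.append(("brute_force_success", ev.src,
                           f"{failures[ev.src]} failures then login as {ev.user} on {ev.host}"))
            failures[ev.src] = 0   # reset so one burst yields one alert
        elif ev.kind == "fw_allow" and ev.dst in BLOCKLIST:
            alerts.append(("outbound_to_blocklisted", ev.src, f"{ev.src} -> {ev.dst}"))
        elif ev.kind == "canary":
            alerts.append(("canary", ev.host, "test event received"))
    return alerts


def canary_check(lines, host="srv01"):
    """Customer-side check (slide 24): inject a known test event alongside the real
    logs and confirm the scanning side still raises an alert for it."""
    canary_line = f"2024-05-01T10:05:00 {host} audit: {CANARY_MARKER}"
    alerts = scan(list(lines) + [canary_line])
    return any(kind == "canary" for kind, _, _ in alerts)


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
    print("canary alert received:", canary_check(SAMPLE_LOG.splitlines()))
```

On the constructed sample this raises two alerts (the five failures from 203.0.113.7 followed by a successful login, and the allowed connection to the blocklisted address) and the canary check passes. The split mirrors the slides' advice: the organization owns the rules and thresholds (policy), the scanning runs wherever the logs are shipped, and the canary is the organization's independent evidence that the provider is still watching.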
26. What is ITAM?
  • IT Asset Management (ITAM) is defined as the set of business practices that join financial, contractual and inventory functions to support lifecycle management and strategic decision making for the IT environment in support of the organization's overall business objectives.

27. Why do ITAM?
  • Manage IT assets so that maximum value is gained from the use of the assets across the lifecycle and beyond
  • Value is:
    - Financial accountability
    - Risk reduction, such as through proper disposition of waste
    - Efficiency, performance
    - Customer satisfaction
    - Control, long-term manageability

28. Key Process Areas
  • Acquisition Management
  • Disposal Management
  • Policy Management
  • Asset Identification
  • Documentation Management
  • Program Management
  • Compliance Management
  • Financial Management
  • Project Management
  • Communication and Education Management
  • Legislation Management
  • Vendor Management
29. To Manage or Not to Manage?
  • Cost of asset
  • Volume in the environment
  • Life expectancy
  • Risk factors if not managed
    - Security risks
    - Loss of productivity
    - Sarbanes-Oxley and other legislation
  • Redeployment
  • Leased
  • Mobility of asset
  • Cost of building the IT asset management processes

30. Commonly Managed Assets
  • Software – licensing compliance risk, high cost and audits
  • Mainframes – high cost
  • Laptops – mobility, cost, risk factors
  • Desktops – redeployment candidate, often leased
  • BYOD devices – risk factors
  • Telecom – division of ownership
  • Servers – cost, risk to business continuity
  Should we manage?
  • Printers
  • Monitors
  • Hubs, routers, firewalls

31. IT Asset Management Policies
  • Policies govern behaviors within the organization. The purpose of asset management policies is to have assets that are:
    - Trackable
    - Maintainable
    - Cost effective
    - Used for the good of the organization
  • These topics are often buried in policies with other names, such as Security, Acceptable Use, Disaster Recovery, Expenses, etc.

32. Policy Topics for Asset Management
  • Privacy – no expectation of privacy
  • Prohibited use – limitations on use of equipment and/or software
  • Personal use – rules for non-business use
  • Use of non-corporate assets on the network – are BYOD devices and software allowed? Dialing in from home?
  • Physical security of the equipment – loss and theft prevention, usually in the Security policy
  • Commitment to energy conservation – Energy Star program, monitor sleep settings
  • Environmental self-audit – policy for disclosure, escalation methods

33. End of Lifecycle
  • Redeployment
  • Retirement
  • Re-use