Role Management
ABIDULLAH ZARGHOON
What to expect?
• Understanding organization
• IT Roles
• Where to locate IT security?
• Top Management Support
• Relationships with other departments
• Outsourcing IT security
Understanding Organization
• Comprehensive security is not possible without proper security staff
  • Their placement in the organization
  • Their relationships with other organizational units
• Both require proper planning and allocation
IT Roles
• Chief Security Officer
  • The title usually used for the head of the security department
• Application security engineer
  • Application security engineers maintain computer applications and software. They spend almost all their time in an office environment, with most of their work involving writing and testing software.
• Security engineer
  • Security engineers are responsible for creating and implementing solutions that ensure an organization's products and systems are secure.
• Network security engineer
  • Network security engineers play an essential part in the deployment, configuration and administration of network- and security-related hardware and software. This includes firewalls, routers, network monitoring tools and VPNs (virtual private networks). They are also tasked with performing network security risk assessments, and might be asked to help design network infrastructure.
• Information security analyst
  • Information security analysts are responsible for examining security problems and finding solutions. Their duties include researching the industry, finding security threats, and developing strategies to ensure their organization remains secure.
• Security Manager
  • The title given to the person or body responsible for managing security in the organization
• IT security specialist
  • IT security specialists analyze an organization's cybersecurity posture and its past breaches to understand how incidents occur and what needs to be done to prevent them. Given that IT and cybersecurity are such broad topics, organizations will usually have many IT security specialists, each one focusing on a specific area.
Location of IT Security Department
Within IT Department
• Placing the IT security department within the information technology department is attractive because security and IT share many of the same technical skills.
• The security department reports directly to the head of IT in the organization, for instance the Chief Information Officer (CIO).
  • The CIO will be accountable for security breaches
  • The CIO will support the security department in creating a safe IT infrastructure
• Easier to implement security changes.
• Dependent on the IT department
Outside of IT Department
• Easier to deal with other departments
• Can enforce security policies on the IT department as well
• The most commonly advised option
• Possible conflict with the IT department
Hybrid Solution
• Role segregation
• Operational aspects are divided:
  • IT maintains devices such as firewalls and others
  • Planning, policy making and auditing remain with security
Top Management Support
• Top management support is crucial to the success of any security program.
• An IT security program is unlikely to succeed unless top management gives it strong and consistent support.
• Support from top management helps in the following:
  • Budget
  • Support in conflicts
  • Setting a personal example
Relationships with other Departments
Special Relationships
• To be successful, the IT security department must develop productive relationships with other departments.
• Some departments in an organization are of special importance to the IT security department.
HR Department
• The relationship between HR and IT security should be rich.
• HR is responsible for security training programs.
• HR controls the process of recruiting and terminating employees.
  • IT security should be involved in the recruitment and termination process to ensure security issues are taken into account.
• HR is involved in penalties when employees break security rules.
The Legal Department
• The legal department deals with all issues related to a country's laws and regulations.
• It is important to have a good relationship with the legal department.
• The legal department should ensure that security policies are legally sound.
• The legal department should be involved if a security incident happens.
Audit Department
• Most big companies, such as banks, have an internal audit department.
• This department examines organizational units for efficiency, effectiveness and adequate controls.
• The IT audit department examines the efficiency, effectiveness and controls of processes involving information technology.
• IT security audit is usually placed under one of the audit departments, not under the IT security department.
  • This keeps the IT security audit independent of the IT security department.
All other departments
• The security department should have good relationships with all departments in the organization.
• The security department's job is not merely to develop policies and distribute them to other departments.
• Other departments often do not trust the security department because security makes their work harder.
• Good relationships with other departments are needed for a conflict-free and successful security program.
Outsourcing IT Security
• It is not common to fully outsource IT security
• However, it is an option
• Most companies outsource some of their IT security
  • This lets companies keep control of their security
Email Outsourcing
• The most common IT security outsourcing is for email
• Email connections to and from the Internet are routed through the outsourcer
• The outsourcer provides inbound and outbound filtering
  • This filters out spam, malware in attachments and scripts in email bodies
• Outsourcing email filtering is effective because filtering is becoming a highly specialized field
  • Email filtering relies on rapid response to new threats
  • Lists of dangerous email sources are updated hourly or even more frequently
Managed Security Service Provider
• An outsourcing alternative that delegates even more controls to an outside firm
• Such a firm is generally known as a Managed Security Service Provider (MSSP)
• The MSSP places a central logging server on your network.
  • This server uploads the company's event log data to the MSSP's site.
  • Security experts and security scanning programs check the logs and raise an alert in case of an incident.
Why use an MSSP?
• In-house security experts can be expected to sit idle most of the time because incidents do not happen regularly
• Internal security experts might not be as capable as the MSSP's security experts, given the volume of security events an MSSP handles every day.
• An MSSP is independent and will not make exceptions to the company's policy for any top management staff
• An MSSP can also observe the IT staff of the company
Continued
• Not all controls should be handed to the MSSP
  • Policy development and planning are very important for the organization to handle itself
• The contract should be specific even in simple matters
• The MSSP should be checked on regularly
  • A poor job by the MSSP can cause great damage to the company
IT Asset Management (ITAM)
What is ITAM?
• IT Asset Management (ITAM) is defined as the set of business practices that join financial, contractual and inventory functions to support lifecycle management and strategic decision making for the IT environment, in support of the organization's overall business objectives.
Why do ITAM?
• Manage IT assets so that maximum value is gained from the use of the assets across the lifecycle and beyond
• Value is:
  • Financial accountability
  • Risk reduction, such as through proper disposition of waste
  • Efficiency, performance
  • Customer satisfaction
  • Control, long-term manageability
Key Process Areas
• Acquisition Management
• Disposal Management
• Policy Management
• Asset Identification
• Documentation Management
• Program Management
• Compliance Management
• Financial Management
• Project Management
• Communication and Education Management
• Legislation Management
• Vendor Management
To Manage or Not to Manage?
• Cost of asset
• Volume in the environment
• Life expectancy
• Risk factors if not managed
  • Security risks
  • Loss of productivity
  • Sarbanes-Oxley and other legislation
• Redeployment
• Leased
• Mobility of asset
• Cost of building the IT asset management processes
Commonly Managed Assets
• Software – licensing compliance risk, high cost and audits
• Mainframes – high cost
• Laptops – mobility, cost, risk factors
• Desktops – redeployment candidate, often leased
• BYOD devices – risk factors
• Telecom – division of ownership
• Servers – cost, risk to business continuity
Should we Manage?
• Printers
• Monitors
• Hubs, routers, firewalls
IT Asset Management Policies
• Policies govern behaviors within the organization. The purpose of asset management policies is to have assets that are:
  • Trackable
  • Maintainable
  • Cost effective
  • Used for the good of the organization
• Asset management topics are often buried in policies with other names, such as Security, Acceptable Use, Disaster Recovery, Expenses, etc.
Policy Topics for Asset Management
• Privacy – no expectation of privacy
• Prohibited use – limitations on use of equipment and/or software
• Personal use – rules for non-business use
• Use of non-corporate assets on the network – are BYOD devices and software allowed? Dialing in from home?
• Physical security of the equipment – loss and theft prevention, usually in the Security policy
• Commitment to energy conservation – Energy Star program, monitor sleep settings
• Environmental self-audit – policy for disclosure, escalation methods
End of Lifecycle
• Redeployment
• Retirement
• Re-use
Thank You!

More Related Content

What's hot

Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
Nicholas Davis
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
charlesgarrett
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
elvinchan
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004
Donald E. Hester
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
festival ICT 2016
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
EC-Council
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
Directorate of Information Security | Ditjen Aptika
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Network security policies
Network security policiesNetwork security policies
Network security policies
Usman Mukhtar
 
Implementing security
Implementing securityImplementing security
Implementing security
Dhani Ahmad
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management System
Daniel Suchy, CPP, MSyI
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
Keyaan Williams
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
Piyush Jain
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
Tammy Clark
 
Bis Chapter15
Bis Chapter15Bis Chapter15
Bis Chapter15
Chun Hoi Lam
 
Information risk management
Information risk managementInformation risk management
Information risk management
Akash Saraswat
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
Zefren Edior
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
Maganathin Veeraragaloo
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
Anne Starr
 

What's hot (20)

Security policy
Security policySecurity policy
Security policy
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
Information Risk Management Overview
Information Risk Management OverviewInformation Risk Management Overview
Information Risk Management Overview
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
Network security policies
Network security policiesNetwork security policies
Network security policies
 
Implementing security
Implementing securityImplementing security
Implementing security
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management System
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Bis Chapter15
Bis Chapter15Bis Chapter15
Bis Chapter15
 
Information risk management
Information risk managementInformation risk management
Information risk management
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
 

Similar to Role management

Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
EC-Council
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
Laurie Mosca-Cocca
 
SMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMSMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSM
Ivanti
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521
Merlin Florrence
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
Prime Infoserv
 
Topic11
Topic11Topic11
Topic11
Anne Starr
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
alokkesh
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
abhichowdary16
 
D1 security and risk management v1.62
D1 security and risk management  v1.62D1 security and risk management  v1.62
D1 security and risk management v1.62
AlliedConSapCourses
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
GrapesTech Solutions
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
Sirius
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValue
RapidValue
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
Sprintzeal
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
Hamed Moghaddam
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
Dam Frank
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
ciso_insights
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIA
George Delikouras
 
Information Security - I.T Project Management
Information Security - I.T Project ManagementInformation Security - I.T Project Management
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
Michael Nickle
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
CCI Training Center
 

Similar to Role management (20)

Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
SMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSMSMB270: Security Essentials for ITSM
SMB270: Security Essentials for ITSM
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Topic11
Topic11Topic11
Topic11
 
For our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdfFor our discussion question, we focus on recent trends in security t.pdf
For our discussion question, we focus on recent trends in security t.pdf
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
D1 security and risk management v1.62
D1 security and risk management  v1.62D1 security and risk management  v1.62
D1 security and risk management v1.62
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValue
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
Convergence innovative integration of security
Convergence   innovative integration of securityConvergence   innovative integration of security
Convergence innovative integration of security
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIA
 
Information Security - I.T Project Management
Information Security - I.T Project ManagementInformation Security - I.T Project Management
Information Security - I.T Project Management
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
 

Recently uploaded

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 

Recently uploaded (20)

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Columbus Data & Analytics Wednesdays - June 2024

Role management

Location of IT Security Department

Within IT Department
• Placing the IT security department within the information technology department is attractive because security and IT share many of the same technological skill sets.
• It reports directly to the person responsible for IT in the organization, for instance the Chief Information Officer (CIO).
• The CIO will be accountable for security breaches.
• The CIO will support the security department in creating a safe IT infrastructure.
• Easier to implement security changes.
• Dependent on the IT department.

Outside of IT Department
• Easier to deal with other departments.
• Can enforce security policies on the IT department as well.
• The most commonly advised option.
• Conflict with the IT department.

Hybrid Solution
• Role segregation: operational aspects are divided.
• IT maintains devices such as firewalls and others.
• Planning, policy making and auditing remain with security.
Top Management Support
• Top management support is crucial to the success of any security program.
• IT security is unlikely to succeed unless top management gives strong and consistent support.
• Support from top management helps with the following:
  • Budget
  • Support in conflicts
  • Setting a personal example

Special Relationships
• To be successful, the IT security department must develop productive relationships with other departments.
• Some departments in an organization are of special importance to the IT security department.

HR Department
• The relationship between HR and IT security should be rich.
• HR is responsible for security training programs.
• HR controls the process of recruiting and terminating employees.
• IT security should be involved in the recruitment and termination process to ensure security issues are taken into account.
• HR is involved in penalties when employees break security rules.

The Legal Department
• The legal department deals with all issues related to a country's laws and regulations.
• It is important to have a good relationship with the legal department.
• The legal department should ensure that security policies are legally sound.
• The legal department should be involved if a security incident happens.

Audit Department
• Most big companies, such as banks, have an internal audit department.
• This department examines organizational units for efficiency, effectiveness and adequate controls.
• The IT audit department examines the efficiency, effectiveness and controls of processes involving information technology.
• IT security auditing is usually placed under one of the audit departments, not under the IT security department.
• This keeps the IT security audit independent of the IT security department.

All Other Departments
• The security department should have good relationships with all departments in the organization.
• The security department is not just about developing policies and distributing them to other departments.
• Other departments do not trust the security department because security makes their lives harder.
• Good relationships with the other departments are important for a conflict-free and successful security program.
Outsourcing
• It is not common to fully outsource IT security.
• However, it is an option.
• Most companies outsource some of their IT security.
• This allows companies to keep control of their security.

Email Outsourcing
• The most common IT security outsourcing is for email.
• Email connections to and from the Internet are routed through the outsourcer.
• The outsourcer provides inbound and outbound filtering.
• This blocks spam, malware in attachments, and scripts in email bodies.
• Outsourcing email filtering is effective because filtering is becoming a highly specialized field.
• Email filtering relies on rapid response to new threats.
• Lists of dangerous email sources are updated hourly or even more frequently.

Managed Security Service Provider
• This outsourcing alternative delegates even more controls to an outside firm.
• Such a firm is generally known as a Managed Security Service Provider (MSSP).
• The MSSP places a central logging server on your network.
• That server uploads the firm's event log data to the MSSP site.
• Security experts and security scanning programs check the logs and raise an alert in case of an incident.

Why Use an MSSP?
• In-house security experts can be expected to sit idle most of the time because incidents do not happen regularly.
• Internal security experts might not be as capable as the MSSP's experts, given the volume of security events an MSSP handles every day.
• The MSSP is independent and will not make exceptions to the company's policy for any top management staff.
• The MSSP can also observe the company's own IT staff.

Continued
• Not all controls should be handed to the MSSP.
• Policy development and planning are important enough that the organization should handle them itself.
• The contract should be specific, even in simple matters.
• The MSSP should be checked on regularly.
• A poor job by the MSSP can cause great damage to the company.
What is ITAM?
• IT Asset Management (ITAM) is defined as the set of business practices that join financial, contractual and inventory functions to support lifecycle management and strategic decision making for the IT environment, in support of the organization's overall business objectives.

Why Do ITAM?
• Manage IT assets so that maximum value is gained from their use across the lifecycle and beyond.
• Value is:
  • Financial accountability
  • Risk reduction, such as through proper disposition of waste
  • Efficiency, performance
  • Customer satisfaction
  • Control, long-term manageability

Key Process Areas
• Acquisition Management
• Disposal Management
• Policy Management
• Asset Identification
• Documentation Management
• Program Management
• Compliance Management
• Financial Management
• Project Management
• Communication and Education Management
• Legislation Management
• Vendor Management

To Manage or Not to Manage?
• Cost of the asset
• Volume in the environment
• Life expectancy
• Risk factors if not managed
• Security risks
• Loss of productivity
• Sarbanes-Oxley and other legislation
• Redeployment
• Leased
• Mobility of the asset
• Cost of building the IT asset management processes

Commonly Managed Assets
• Software – licensing compliance risk, high cost and audits
• Mainframes – high cost
• Laptops – mobility, cost, risk factors
• Desktops – redeployment candidate, often leased
• BYOD devices – risk factors
• Telecom – division of ownership
• Servers – cost, risk to business continuity

Should we manage?
• Printers
• Monitors
• Hubs, routers, firewalls

IT Asset Management Policies
• Policies govern behaviors within the organization. The purpose of asset management policies is to have assets that are:
  • Trackable
  • Maintainable
  • Cost effective
  • Used for the good of the organization
• These topics are often buried in policies with other names, such as Security, Acceptable Use, Disaster Recovery, Expenses, etc.

Policy Topics for Asset Management
• Privacy – no expectation of privacy
• Prohibited use – limitations on use of equipment and/or software
• Personal use – rules for non-business use
• Use of non-corporate assets on the network – are BYOD devices and software allowed? Dialing in from home?
• Physical security of the equipment – loss and theft prevention, usually in the Security policy
• Commitment to energy conservation – Energy Star program, monitor sleep settings
• Environmental self-audit – policy for disclosure, escalation methods

End of Lifecycle
• Redeployment
• Retirement
• Re-use