Good day all,
If you are going to start a security team in a newly founded IT
organization, what will the objectives/results be?
Thanks,
Ramy
The answer will depend heavily on the organization that contains the IT
group. The right answers will be different for a bank, an ISP, a
Fortune500, or a large university. The location (country and
state/province) and legal requirements for the company will also
matter - I have to worry about FERPA, Comcast probably doesn't...
Nevertheless, some broad common objectives exist.
IMO, no one summarizes it better than Richard Bejtlich, in his
"Defensible Network Architecture 2.0":
https://taosecurity.blogspot.com/2008/01/defensible-network-architecture-20.html
The corresponding metrics for measuring results/progress would be more
specific to the type of org.
Royce
Royce
You are absolutely right, sorry for missing that, the organization is an
ISP.
Ramy
Hi Ramy,
Sounds like you're putting the cart before the horse. Understand your
security objectives first. That will determine the nature of the
security team or indeed, if there should be a specific security team
at all or some other security structure.
Some common security objectives include:
* Compliance with customer and vendor requirements
* Loss prevention
* Avoidance of legal liability for system compromise
* Avoidance of brand damage due to system compromise
* Operations continuity
Regards,
Bill Herrin