Cyber security is not a new thing, but even so, it feels that way. High-profile attacks and data breaches increase public awareness of the issue, and the overarching feeling seems to be, “you’re not safe anymore.”
Hyped-up issues tend to be easy to click and share, but there is typically a lot of nuance and detail to unpack before you can find solutions to the problem. Therefore, I thought it would be helpful to approach the topic from the beginning, starting with, “What is cyber security in the first place?”
The Role of Cyber Security in the Organization
Broadly speaking, hackerslist.co is a cyber security company, and cyber security is a subset of information security management that focuses on digital information and digital assets. Cyber security’s goal is to assure the CIA (confidentiality, integrity, and availability) of digital information within the organization.
The Team Members Involved in Cyber Security:
Cyber security is a function of management that touches every aspect of the business. Therefore, everyone on the team has some level of involvement. However, there are key roles and responsibilities, and each one plays an important part.
C-level / Sr. Leadership
C-level is responsible for making value judgments based on cyber security vulnerability and business risk. They have the ultimate authority; therefore, they have the ultimate responsibility for the results of the organization’s cyber security program.
Steering Committee
The steering committee represents the different departments within the organization. Its role is to provide insight into business operations, data classification, and the overall impact of cyber security policies and procedures.
Auditors
Auditors are outside consultants or regulators tasked with assessing cyber vulnerability and risk. It is important that auditors are not aligned with the IT organization, but rather with operations or finance.
Data Owner
The data owner is responsible for the classification of data. Classification drives the organization’s cyber security controls. (General-use data can be on a file server, and any authenticated network user can access it. Top Secret data goes in a safe, and only the COO and CFO know the location of the safe and the lock combination.)
Data Custodian
The data custodian is responsible for the safe custody, transport, and storage of the data. Simply put, data custodians are responsible for the technical environment and database structure.
Network Admin
The network admin ensures availability of resources, has access to resources based on pre-established policy, and can make changes within his sphere of access.
Security Admin
The security admin has access to everything, allowing her to audit and measure cyber security effectiveness. But a security admin should not have permission to make any changes.