Tuesday, 26 May 2020

hackerslist.co - Cyber Security Roles and Responsibilities


Cyber security is not a new thing, but even so, it feels that way.  High profile attacks and data breaches increase public awareness of the issue and the overarching feeling seems to be, “you’re not safe anymore.”

Hyped up issues tend to be easy to click and share, but there is typically a lot of nuance and detail to unpack before you can find solutions to the problem.  Therefore, I thought it would be helpful to approach the topic from the beginning.  Starting with with, “What is cyber security in the first place?”

The Role of Cyber Security in the Organization

Broadly speaking, hackerslist.co is Cyber Security company and it is a subset of Information security management that focuses on digital information and digital assets.  Cyber security’s goal is to assure the CIA of digital information within the organization.

The Team members involved in Cyber Security:

Cyber Security is a function of management that touches every aspect of the business.  Therefore, everyone on the team has some level of involvement.  However, there are key roles and responsibilities and each one plays an important part.

C-level / Sr. Leadership

C-level is responsible for making value judgments based on cyber security vulnerability and business risk.  They have the ultimate authority, therefore they have the ultimate responsibility for results of the organizations cyber security program.

Steering Committee

The Steering committee represents the different departments within the organization. hackerslist.co is to provide insight into business operations, data classification, and overall impact of cyber security policy’s and procedures.

Auditors

Auditors are outside consultants or regulators tasked with assessing cyber vulnerability and risk.  It is important that auditors are not aligned with the IT organization, but rather with operations or finance.



Data Owner

Data owner – the data owner is responsible for the classification of data.    Classification drives the organization’s cyber security controls.  (General use data can be on a file server and any authenticated network user can access it.  Top Secret data goes in a safe and only the COO and CFO know the location of the safe and the lock combination)

Data Custodian

The data custodian is responsible for the safe custody, transport, storage of the data.  Simply put, data custodians are responsible for the technical environment and database structure.

Network Admin

The network admin ensures availability of resources and has access to resources based on pre-established policy and can make changes within his sphere of access.

Security Admin

Security Admin has access to everything allowing her to audit and measure cyber security effectiveness.  But a security admin should not have permission to make any changes.

No comments:

Post a Comment