Meet the Organization’s Cybersecurity Chief
Earlier in this course, we touched on the CISO’s role in crisis management when they led one of the crisis units. But their responsibilities go far beyond crisis management. The CISO oversees cybersecurity from a number of angles: organization, internal and external coordination, and strategy.
Let’s take a closer look at what the CISO does to prevent and protect the organization from cyberattacks long before they strike:
They define the security strategy and roadmap for the parts of an organization the CISO is responsible for, based on what’s at stake and the risks identified.
They manage security recruitment, use of resources, and budgets.
They represent and embody security, both internally (with the executive team and employees) and externally (with regulatory authorities and customers).
They define security policies and oversee their operational implementation.
They foster a strong security culture and raise employee awareness.
They monitor compliance with security policies and procedures (ongoing controls and audits, for example).
The CISO may also play an operational role, helping to implement the defined roadmap, especially in larger organizations.
As you might expect, CISOs rely on external resources and security models widely used across the cybersecurity ecosystem when defining their strategy. You’ll find these in our Key Resources document.
One of the most popular models deployed in recent years is Zero Trust.
Does Zero Trust mean we trust no one?
Not exactly! Implementing the Zero Trust principle means verifying that the person performing actions on the information system really is who they claim to be, every time access is requested rather than only once at the entrance. This is similar to ID checks at the airport—you have to present your identity documents at several strategic points before you can board your plane.
Do CISOs do all this on their own? If so, they’re real superheroes!
Of course not. The CISO can’t carry out all these tasks alone. You’ve seen that internal and external communication is part of their duties, as is recruiting their team and raising employee awareness. For these activities, support from the human resources and communications teams is essential!
HR teams are involved in a wide range of issues to ensure the security of the organization’s information before, during and after hiring an employee: recruitment, awareness-raising, training, disciplinary processes, managing starters and leavers, and so on. Their support is crucial.
During the crisis at the Everwell Hospital, they played a key role in managing employee-related issues: paying salaries when the information system was not working normally, devising staff rosters during crisis management, and so on.
Communications teams play a key role in crisis management, too, as we saw earlier with the Everwell Hospital. But they are equally useful in preventing cyberattacks, preparing internal and external communication materials, developing a crisis communication strategy in advance, and so on.
Great! So, all these teams collaborate with and within the cybersecurity team, but I’m having trouble putting it all together.
Take a Step Back and Look at How the IT Security Team is Structured
We’ve talked about a lot of teams, and now it’s time to understand their structure and how they fit together.
Let’s start with the IT security team.
Most of the time, the IT security team is part of the IT team. It’s often made up of several sub-teams (or roles) which are overseen by the CISO. Here’s an example of how a company might structure the cybersecurity team:
The Governance, Risk and Compliance team. This team defines security rules and oversees their implementation. People in GRC roles do not require technical expertise, but they do require a good understanding of cybersecurity issues and the ability to assess and prioritize risks. We’ve already looked at the following GRC roles:
Risk analyst
Compliance officer
Crisis manager
Cybersecurity auditor
The Application and System Security team. The people in these roles define, implement and monitor the security of the information system’s technical components:
Security architect
Application security manager
Technical auditor (pentester)
The Operational Security team. These are the technical teams who manage the various steps, from detecting security incidents to responding to them:
SOC analyst and SOC manager
Threat analyst
CERT/CSIRT analyst and CERT/CSIRT manager
Let’s not forget the other teams we’ve mentioned who work closely with the cybersecurity team:
Technical aspects and operational implementation:
IT team
Development team
Cross-functional teams:
Risk team
Legal team
HR team
Communications team
Lastly, remember that all this takes place within a complex ecosystem, involving many people working hard to increase cybersecurity maturity!
Let’s Recap!
In this chapter, you finally discovered who heads up the cybersecurity team and how the other teams interact with it. You also:
learned that the CISO is key to defining strategy, setting team priorities, and ensuring good communication with all stakeholders.
saw a possible way of structuring the cybersecurity team—within the IT team.
It’s now time to turn to the leading character in this course: you! Whether you’re tempted by a career in cybersecurity or not, you can still play an active part in it. Keep going with this course and you’ll learn how you can play your part in improving cybersecurity!