
Updated on 16/11/2023

Discover How Organizations Deploy Cybersecurity

Discover the Teams That Implement Cybersecurity

The cybersecurity team cannot function alone. It needs to work with teams skilled in implementing security measures at the operational level: the IT team, the development team, and so on.

How do these teams implement security on a day-to-day basis?

The IT team, which we already introduced you to during the Everwell Hospital crisis, carries out a number of tasks to prevent cyberattacks, including:

  • managing access controls to the organization’s information system (applications, equipment, infrastructure, etc.).

  • keeping an inventory of information system components and ensuring that these assets are properly managed throughout their lifecycle.

  • managing the equipment (workstations, etc.) that the organization’s employees use (provisioning it, protecting it, disposing of it). 

  • ensuring that the infrastructure (servers, network, applications, etc.) is available.

To carry out these tasks, the IT team needs to coordinate closely with the cybersecurity team when it comes to choosing tools, implementing them and setting up controls.

The development team is responsible for coding the organization’s business tools, so they’re also involved in implementing security measures. Poorly thought-out and poorly written code may introduce vulnerabilities or security loopholes that could lead to data theft, website unavailability, or worse.

But who helps these teams understand cybersecurity issues that are not part of their core work?

Get to Know the People Behind Application Security and Development

The challenge is to introduce security as early as possible in the projects these teams are working on. This concept is known as security by design and by default. In an ideal world, a cybersecurity expert would not need to be available to support development teams, as they would integrate security into their day-to-day practices. As we haven’t achieved this goal yet, security by design and by default requires significant collaboration between the development team and the cybersecurity team.

To help implement this, there is a role for an application security engineer/manager and potentially for “security champions” (developers who help amplify the security message) within the development team. The integration of security into the development chain is also referred to as DevSecOps.

The person or team responsible for application security ensures that development teams take security requirements into account. Their main tasks are to:

  • define application security requirements and support developers in implementing them.

  • take part in code security reviews to check that developers have implemented the security requirements.

  • follow up on the correction of detected vulnerabilities.

Thinking of security as you would any other feature of a project or solution will be key to these roles in the future! And it doesn’t just apply to development teams—it applies to every team involved in a project.

Okay, but who defines what we need to do to ensure that projects are secure at every level?

Find out Who Designs Secure Systems, Networks and Infrastructure

You’re right. If we’re going to define security requirements as early as possible, then every project supported by an information system component needs to be given guidance.

The role of security architect exists precisely for this purpose. Security architects are responsible for the technical choices made for each project and for ensuring that projects comply with security requirements. Their main tasks are to:

  • design solutions (infrastructure, system, software, service, equipment, etc.) that are secure from the outset.

  • create and improve architecture models and security architecture specifications.

  • monitor the implementation of the defined architecture alongside the project teams (business, development, etc.).

  • suggest ways of improving the architecture in response to new threats and identified risks.

So, how do we now ensure that the measures we’ve put in place are working?

That’s exactly what we’ll be looking at in the next few paragraphs.

Meet the People Who Monitor Information System Security

There are a number of roles involved in controlling security levels. These roles may be in-house or outsourced, depending on the size of the organization and its requirements (independence, objectivity):

  • Cybersecurity auditors conduct independent cybersecurity assessments on specific compliance topics, such as ISO 27001, GDPR, and other frameworks. They check that companies have properly documented their processes and are complying with the rules.

  • Technical security auditors or penetration testers (also known simply as “pentesters”) assess the effectiveness of the technical security measures implemented to protect the system. They test security by simulating attacks and suggest corrective actions to address any vulnerabilities found. 

As well as assessing an organization’s—or a specific part of an organization’s—level of security at a given point in time, the aim of these audits is to drive continuous improvement in security.

Let’s Recap!

In this chapter, you met the teams who actually deploy cybersecurity in organizations:

  • You first met the IT and development teams, whose work is essential in preventing cyberattacks. 

  • You discovered the concept of security by design and the application security teams or security champions who play an active role in supporting it.

  • You learned about the role of the security architect, who designs systems based on cybersecurity best practices.

  • Lastly, you learned that auditors monitor how mature an organization’s security is. 

This operational deployment is only possible because there are teams managing priorities on a risk and compliance basis. Join me in getting to know them next!
