How to build an ideal CISO team

As network security accounts for a growing share of enterprise IT, the role of the people doing security work in the enterprise has also changed gradually: from the enterprise's IT operations and maintenance staff at the outset to full-time IT security operations staff. One of the major changes is the emergence of the CISO (Corporate Chief Information Security Officer) role, which is gradually becoming independent of the CIO structure, reporting directly to the CEO and participating in the enterprise's decision-making. A well-formed CISO structure has become an important marker of enterprise modernization. Here we draw on a research report from Carnegie Mellon University and try to build an ideal corporate CISO team.

Four key functional areas of the CISO:

  1. Protect, Shield, Defend & Prevent: ensure that the enterprise's employees, policies, procedures, practices and technologies actively protect and shield the enterprise against cyber threats, and prevent cyber security incidents from occurring or recurring;

  2. Monitor, Detect & Hunt: ensure that the enterprise's employees, policies, processes, practices and technologies are monitored, actively seek out and discover security vulnerabilities and risks, and report suspicious and unauthorized incidents as early as possible;

  3. Respond, Recover & Sustain: when a cyber security incident occurs, minimize the scope and extent of its impact and quickly restore the normal workflow of the company's employees, policies, processes, practices and technologies, so that assets return to normal operation as soon as possible; assets here include technology, information, personnel, facilities and the supply chain;

  4. Govern, Manage, Comply, Educate & Manage Risk: ensure that the company's leadership, employees, policies, processes, practices and technologies take part in the continuous oversight, management, performance evaluation and correction of all cyber security activities, ensure that security activities meet all external and internal requirements, and reduce the corresponding risks for the company.

CISO organizational structure
[Figure: CISO organizational structure]
Based on the CISO's responsibilities in the enterprise, the following CISO organizational structure is defined, comprising five major departments. The functions and activities of each department and sub-department are described in detail below:

Project Management Department (PM, Program Mgmt.)

The project management department of the CISO organization includes the three sub-departments shown in the figure.

Project Management Office (PMO, Program Mgmt. Office): Responsible for all work involved in formulating and successfully implementing the information security projects and the plans based on them. These tasks include the following:

  • Develop, implement and maintain information security projects, plans and processes
  • Define the roles and responsibilities involved in information security
  • Allocate appropriate and qualified human resources to implement and complete the information security projects and plans formulated
  • Determine, manage and maintain the equipment resources needed to implement information security projects and plans
  • Communicate with all internal and external parties involved in the project, including reporting relationships
  • Allocate and manage the funds required for all information security activities
  • Measure and monitor the cost consumption, implementation progress and completion quality of the information security plan
  • Identify the internal and external parties involved in the project and coordinate their participation in the implementation of the project
  • Report the implementation status of the information security plan to the top management of the enterprise
  • Identify, review, evaluate and properly use business functions that affect information security (SaaS, cloud, mobile devices, etc.)

Governance, Risk, and Compliance Department (GRC, Governance, Risk, and Compliance): Responsible for oversight, risk management, and compliance with all laws, regulations, policies and other requirements related to information security. These tasks include the following:

  • Information security projects and plans: define, complete and enforce related information security strategies
  • Risk management: establish information security risk management strategies, processes and procedures
  • Governance: Governance and supervision of information security projects and plans (including Change Control Board (CCB) and other monitoring committees or groups)
  • Compliance: Ensure that security control measures are sufficient to meet security requirements; complete relevant audits

Personnel & External Relationships (PER, Personnel & External Relationships): Responsible for communication and coordination with the employees and external parties involved in the enterprise's information security projects. These tasks include the following:

External relations management includes:

  • Manage relationships with relevant third parties (suppliers, vendors, contractors, partners, etc.)
  • Manage public relations and relationships with government and industry bodies and the media (in the United States, for example NCCIC, NSA, DHS, CERT, FBI, etc.)

Personnel management includes the following:

  • Manage the life cycle and performance of the employment relationship in accordance with security policies and requirements (background investigation, succession planning, disciplinary action, termination, etc.)
  • Manage the knowledge, skills, abilities and allocation of the information security team
  • Implement role-based information security awareness and training programs across the enterprise
  • Define, implement and enforce relevant policies

Security Operations Center (SOC, Security Operations Center)

Security Operations Center: Responsible for all of the enterprise's day-to-day network security operations, many of which are performed routinely by IT staff, monitored, and reported to the CISO organization. Typical SOC work includes the following:

  • Collection of security intelligence sources (adversary activity, security events, ongoing security incidents at the national and international level, etc.)
  • Analysis and management of threats to corporate information security
  • Security situational awareness based on the collected intelligence and threat information, producing reports with an operational perspective for corporate decision-makers
  • Logging (users, applications, networks, systems, access to physical assets, etc.)
  • Monitoring of logs and other related information (users, applications, networks, systems, access to physical assets, etc.)
  • Management of corporate network security vulnerabilities, viruses and malicious code
  • Provision of an incident response help desk for enterprise information security; this function is also called the Computer Incident Response Team (CIRT) or Computer Security Incident Response Team (CSIRT)
  • Security incident management (detection, analysis, response and recovery)
  • Communicate with internal stakeholders and external organizations involved in security incidents as needed

Emergency Operations and Response Management Department (EOIM, Emergency Operations & Incident Mgmt.)

The emergency operations and incident management department works in close cooperation with the SOC. Its main responsibility is to mobilize company employees when a major security incident occurs, activate the emergency plans, and manage these time-sensitive response activities. Under normal circumstances, the department and SOC members complete the following tasks together:

  • Plan incident management and response
  • Plan how to ensure business continuity
  • Planning for disaster recovery at the IT level
  • Test, exercise and optimize all response plans
  • Issue management, root cause analysis and post-incident review after a security incident
  • Where necessary, conduct legal and regulatory investigations during and after security incidents, and cooperate with law enforcement and other regulatory agencies in the investigations they require

Security Engineering & Asset Security (SEAS, Security Engineering & Asset Security)

The security engineering and asset security department includes the six sub-departments shown in the figure. The main reason for combining security engineering and asset security in one department is that ensuring the security of corporate assets (hosts, networks, systems, applications and information) during security operations, as well as in the related procurement and custom development work, is most efficient when these functions cooperate closely. In recent years there have been many cases showing the benefits of this kind of collaboration as part of DevOps. In practice, the enterprise's CISO will decide how this work is divided among the different corporate departments based on the technical leadership's decisions and the technical capabilities of the staff.

The Security Engineering Department (SE, Security Engineering) completes the following tasks:

  • Security requirements: define, allocate and specify the security requirements, in terms of the three elements of security (confidentiality, integrity and availability), for the enterprise's development and acquisition work and the related assets
  • Security architecture: develop and maintain the corporate network security architecture
  • Security life cycle: ensure that all enterprise assets fully meet the security requirements throughout the procurement and development life cycle
  • Certification and accreditation: complete the required certification and accreditation before a new system or software is put into normal operation

Identity and Access Management Department (IAM, Identity & Access Mgmt.): Responsible for defining and managing the identities of persons, devices and other assets (such as information, technology and facilities) that require access. The department is also responsible for defining and implementing access control policies based on these identities and their permissions. Technical methods for identity and access management include Active Directory, passwords, PINs (personal identification numbers), digital signatures, smart cards, biometrics, etc.

The Application Security Department (AS, Applications Security) completes the following tasks:

  • Develop and maintain assets such as software and application systems
  • Define, implement, evaluate and maintain the necessary controls according to the security requirements to protect the related software and application systems
  • Manage the parameter configuration of software and application systems
  • Manage software and application system updates

The host and network security department (HNS, Host & Network Security) is responsible for the following tasks:

  • Develop and maintain assets such as networks (including wireless networks), hardware, systems, and mobile devices
  • Define, implement, evaluate and maintain the necessary controls according to the security requirements to protect the related networks, hardware, systems and mobile devices (for example, intrusion prevention and detection systems)
  • Define, implement, evaluate and maintain the necessary controls according to the security requirements to protect the network and the corporate network perimeter (such as firewalls and VPNs)
  • Manage network, hardware, system and mobile device parameter configuration
  • Manage network, hardware, system and mobile device updates

Information Asset Security (IAS, Information Asset Security) is responsible for the following tasks:

  • Identify, prioritize and classify the company’s information and important assets (the classification here is usually based on the importance and sensitivity of the information assets)
  • Develop and maintain the company’s information assets
  • Define, implement, evaluate and maintain the necessary controls according to the security requirements to protect information and important assets (including information on media)

The physical security of the enterprise's environment is usually assigned to another department, such as the enterprise's chief security officer (CSO), which means that this work is not within the CISO's scope of responsibility. The CSO and the CISO must work closely together to ensure the security of tangible assets such as physical facilities, especially those that house information technology and operational data. We include a physical access control department (PAC, Physical Access Control) in the CISO architecture; its purpose is to define and implement the digital and electronic access controls required for physical access to facilities and other physical assets (such as networks and hosts). Because of this department's limited scope, it can also be merged with another department, such as identity and access management, in the CISO structure.

Information Security Executive Council (ISEC, Information Security Executive Council)

Information Security Executive Council: Responsible for advising the CISO and assisting the CISO in ensuring the following three things:

  • Enterprise information security goals and requirements are met
  • Security policies, programs and plans are implemented
  • The company's external compliance obligations are fulfilled

ISEC is one aspect of the CISO's governance and oversight responsibilities.
ISEC includes key members from the enterprise's relevant decision-making and business departments, such as the chief operating officer, the chief information officer, the chief financial officer, the chief security officer (or the person in charge of the enterprise's physical security), legal counsel, human resources, the chief privacy officer, marketing and public relations, business unit directors, the engineering director and the information technology director, etc.

About Holographic Network Control: Holographic Network Control Technology integrates four advanced technologies, NG-DLP, UEBA, NG-SIEM and CASB, combined with machine learning (artificial intelligence), to discover and reconstruct in real time the otherwise invisible "user-device-data" interaction relationships in the network. It builds an information security risk perception platform centered on user behavior, providing enterprise information security management with an intelligent, transparent traceability system without blind spots that audits the past, monitors the present and guards against the future, greatly improving the ability and efficiency with which IT operations and security personnel respond to incidents, capture the evidence chain, establish accountability and restore IT systems.

Origin blog.51cto.com/14875961/2548286