Lab Exercise 1: Cybersecurity Role PDF
Document Details
Uploaded by HighQualityVigor
STI
Tags
Summary
This document is a lab exercise focusing on cybersecurity roles within a company. The exercise involves understanding the importance of roles within a cybersecurity team and the need for a security team to support, rather than impede, business goals. The document also discusses important risk management aspects and the logical, fact-based nature of security discussions.
Full Transcript
IT1914 Laboratory Exercise 1 Cybersecurity Role Objective: At the end of the exercise, the students should be able to: Describe the cybersecurity role of a company. Materials: ...
IT1914 Laboratory Exercise 1 Cybersecurity Role Objective: At the end of the exercise, the students should be able to: Describe the cybersecurity role of a company. Materials: Internet connection MS Office Procedures: 1. Read the blog post entitled “Cybersecurity Team Structure: 7 Important Roles & Responsibilities” by Melissa Stevens below. Y ou’ve heard it said that a chain is only as strong as its weakest link. When it comes to your cybersecurity team, this adage couldn’t be more appropriate. If you want this team to perform with both diligence and accuracy, it’s critical that you consider the following: First, every team member understands the importance of their role. Everyone on the team needs to be focused and performing well every single day to be effective—and they need to understand why that is so important. Even those team members with repetitive functions—like those in access/identity management, for example. They handle sensitive data and could inadvertently cause a cybersecurity issue if they’re not careful. They must remain vigilant and engaged. Simply telling everyone their job is critical isn’t impactful; instead, demonstrate how their jobs are critical to the health and security of the business by tying what they do day-to- day to the organization’s strategic goals. Second, security is there to facilitate the business, not to work against the business. If even one member of your team takes on a “no can do” attitude for every management request, that will throw off the rest of the team. Emphasize to every team member that their job is to help the business find the most secure way to accomplish the need—security and the business should be partners. There will be times when you must deliver the message that the business request poses a significant risk but it’s usually a business decision to accept that risk or not. If you focus on helping the business achieve its goals in a secure way that’s appropriate for what’s at risk, the times you need to say no will be rare. As a result, the business will be more likely to listen when those times come. Finally, it’s critical not to overstate risk, but to keep the discussion logical and fact- based. As Celia Baker, President of the IntelliGRACS Group Inc., told us, “If you’re going to say the sky is falling, be sure it’s really falling—not just starting to rain.” Some security professionals may be tempted to craft dramatic cybersecurity messages based on FUD (fear, uncertainty, and doubt) to secure funding or make a point. That may work once or twice—but in the long term, management will stop listening. Ensure that every team member keeps their presentations solid and fact-based as risk is being communicated up the chain and across the business. The above guidelines will be useful for managing your group, but you’ll also need the right people in place who can work well within those parameters. Below we’ve outlined seven skills, traits, roles, and responsibilities necessary for a well-rounded cybersecurity team. 01 Laboratory Exercise 1 *Property of STI Page 1 of 2 IT1914 Cybersecurity Team Structure: 7 Important Roles & Responsibilities 1. Software Development Having someone on your team with secure software development skills is a huge advantage for a cybersecurity team. Many companies rely on external third parties for development, but it really helps strengthen a security program to have someone on board with the knowledge and skill set to be part of those conversations. 2–4. Threat Intelligence, Intrusion Detection, & Incident Management Key to cybersecurity are monitoring and identifying issues before they happen, catching issues as quickly as possible, and taking the necessary steps after an incident has taken place— you’ll need team members who can handle these discrete but connected functions. 5. Risk Mitigation Every member of your team should understand how to mitigate risk. It’s helpful here to have team members that understand controls and auditing. If you can think like an auditor, you can identify weak controls (cause risk) and then implement appropriate mitigation strategies. 6. Data Analytics Do you have someone on your cybersecurity team who can look at raw data to identify patterns and cull out useful and actionable information? Knowing and understanding how to correlate and interpret data is critical for cybersecurity. If not, you need to be sure you hire for this or foster this skill as soon as possible. 7. The Ability To Work Across The Organization More of a soft skill, this is still critical for every cybersecurity team member. You can have very intelligent team members with top-notch security skills, but if these individuals can't have relevant conversations with people in other departments in a manner that elicits cooperation, they’ll have more limited career opportunities, limited effectiveness in their current roles, and less opportunity for advancement. Not being able to speak the language of the business and other teams is a primary reason good technical people don’t advance beyond middle management. So be sure every team member knows how to work and communicate with other teams and other levels of management—knowing when to lose the tech jargon will go a long way. 2. Answer the following questions: a. What is the article all about? b. Among the seven (7) roles and responsibilities of cybersecurity structure, which one do you think is the most important? c. Do you agree with the article? Why or why not? 3. Submit your output to your instructor. GRADING RUBRIC: Criteria/Scoring 0 – 35 36 – 70 71 – 100 Score No output done. Explained the article Provided examples /100 Procedure and gave some and explained the Execution examples. article clearly. TOTAL /100 Reference: Stevens, M. (2017, July 10). Cybersecurity team structure: 7 important roles & responsibilities. Retrieved from https://www.bitsight.com/blog/cybersecurity-teams on April 24, 2019 01 Laboratory Exercise 1 *Property of STI Page 2 of 2
