Cybersecurity Organization Structure

Cybersecurity Organization Structure ◾ 167

many departments to define the metrics to be collected, collect the metrics on a periodic basis (monthly minimally for operational metrics), validate the metrics, and determine the “meaning” of the metrics. Selected metrics of interest can then be provided to the board.

EDWARD MARCHEWKA: SECURITY METRICS TO MEASURE PROGRAM EFFECTIVENESS

Director, Information and Technology Services, Gift of Hope

Metrics help to tell a story to the right audience in terms they will understand. We, CISOs, have different audience members that include the board, executives, auditors/regulators, and engineers. As we tell each of these audiences the story of information security, it must be appropriate for our audience’s level of understanding and their background, keeping in mind what we ask of them.

◾ The board is strategic, and we are asking for resources. The board, usually, receives an aggregated total score and maturity score, with average risk rating. This tells them where we are and how tight the controls are. We can use this to build a road map too and show how the resources are helping to move the needle.

◾ Executives need actionable information, usually, by subject area, and we need to answer their ask, “What’s in it for me?” Executives need to see how the security program is affecting them. We need to aggregate by topics they care about. For example, the CMO might care about integrity and reputation, to address concerns of report accuracy and potential reputation damage. I aggregate my tactical metrics around six key business indicators: confidentiality, integrity, availability, human resources, finance, and reputation.

◾ Auditors/regulators need to know we know about our environment and that we are doing something about it. This is the blend of the aggregated and tactical metrics. They may understand that a program exists with the tactical metrics but may also want to see the details.

◾ Engineers need the details, and we are going to ask them to fix something. With the engineers, we can show them detailed tactical metrics such as patch cycle times or incident mean time to resolution.

NIST and the Center for Internet Security (CIS) have great listings of tactical metrics with parameters for different levels of risk. From there, you can tie the results to specific technologies. Your metrics are not a burden to the job but should be a tool to help you tell a better story.