Scribd
Upload
704 views2 pages

Cybersecurity Role: Laboratory Exercise 1

The document describes a laboratory exercise on cybersecurity roles. [1] It discusses seven key roles for an effective cybersecurity team: software development, threat intelligence, intrusion detection, incident management, risk mitigation, data analytics, and the ability to work across the organization. [2] It emphasizes the importance of each team member understanding their role and how it contributes to security and business goals. [3] Effective communication and seeing security as enabling rather than obstructing business are also important.

Uploaded by

Leigh Villa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
704 views2 pages

Cybersecurity Role: Laboratory Exercise 1

The document describes a laboratory exercise on cybersecurity roles. [1] It discusses seven key roles for an effective cybersecurity team: software development, threat intelligence, intrusion detection, incident management, risk mitigation, data analytics, and the ability to work across the organization. [2] It emphasizes the importance of each team member understanding their role and how it contributes to security and business goals. [3] Effective communication and seeing security as enabling rather than obstructing business are also important.

Uploaded by

Leigh Villa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

IT1914

Laboratory Exercise 1
Cybersecurity Role
Objective:
At the end of the exercise, the students should be able to:

 Describe the cybersecurity role of a company.

Materials:
 Internet connection
 MS Office

Procedures:
1. Read the blog post entitled “Cybersecurity Team Structure: 7 Important Roles & Responsibilities”
by Melissa Stevens below.

Y ou’ve heard it said that a chain is only as strong as its weakest link. When it comes to your
cybersecurity team, this adage couldn’t be more appropriate. If you want this team to
perform with both diligence and accuracy, it’s critical that you consider the following:
First, every team member understands the importance of their role. Everyone on the team
needs to be focused and performing well every single day to be effective—and they need to
understand why that is so important. Even those team members with repetitive functions—like
those in access/identity management, for example. They handle sensitive data and could
inadvertently cause a cybersecurity issue if they’re not careful. They must remain vigilant and
engaged. Simply telling everyone their job is critical isn’t impactful; instead, demonstrate how
their jobs are critical to the health and security of the business by tying what they do day-to-
day to the organization’s strategic goals.
Second, security is there to facilitate the business, not to work against the business. If
even one member of your team takes on a “no can do” attitude for every management request,
that will throw off the rest of the team. Emphasize to every team member that their job is to
help the business find the most secure way to accomplish the need—security and the business
should be partners. There will be times when you must deliver the message that the business
request poses a significant risk but it’s usually a business decision to accept that risk or not. If
you focus on helping the business achieve its goals in a secure way that’s appropriate for
what’s at risk, the times you need to say no will be rare. As a result, the business will be more
likely to listen when those times come.
Finally, it’s critical not to overstate risk, but to keep the discussion logical and fact-
based. As Celia Baker, President of the IntelliGRACS Group Inc., told us, “If you’re going to
say the sky is falling, be sure it’s really falling—not just starting to rain.” Some security
professionals may be tempted to craft dramatic cybersecurity messages based on FUD (fear,
uncertainty, and doubt) to secure funding or make a point. That may work once or twice—but
in the long term, management will stop listening. Ensure that every team member keeps their
presentations solid and fact-based as risk is being communicated up the chain and across the
business.
The above guidelines will be useful for managing your group, but you’ll also need the right
people in place who can work well within those parameters. Below we’ve outlined seven skills,
traits, roles, and responsibilities necessary for a well-rounded cybersecurity team.

01 Laboratory Exercise 1 *Property of STI


Page 1 of 2
IT1914

Cybersecurity Team Structure: 7 Important Roles & Responsibilities


1. Software Development
Having someone on your team with secure software development skills is a huge advantage
for a cybersecurity team. Many companies rely on external third parties for development, but
it really helps strengthen a security program to have someone on board with the knowledge
and skill set to be part of those conversations.

2–4. Threat Intelligence, Intrusion Detection, & Incident Management


Key to cybersecurity are monitoring and identifying issues before they happen, catching issues
as quickly as possible, and taking the necessary steps after an incident has taken place—
you’ll need team members who can handle these discrete but connected functions.
5. Risk Mitigation
Every member of your team should understand how to mitigate risk. It’s helpful here to have
team members that understand controls and auditing. If you can think like an auditor, you can
identify weak controls (cause risk) and then implement appropriate mitigation strategies.

6. Data Analytics
Do you have someone on your cybersecurity team who can look at raw data to identify patterns
and cull out useful and actionable information? Knowing and understanding how to correlate
and interpret data is critical for cybersecurity. If not, you need to be sure you hire for this or
foster this skill as soon as possible.

7. The Ability To Work Across The Organization


More of a soft skill, this is still critical for every cybersecurity team member. You can have very
intelligent team members with top-notch security skills, but if these individuals can't have
relevant conversations with people in other departments in a manner that elicits cooperation,
they’ll have more limited career opportunities, limited effectiveness in their current roles, and
less opportunity for advancement. Not being able to speak the language of the business and
other teams is a primary reason good technical people don’t advance beyond middle
management. So be sure every team member knows how to work and communicate with other
teams and other levels of management—knowing when to lose the tech jargon will go a long
way.
2. Answer the following questions:
a. What is the article all about?
b. Among the seven (7) roles and responsibilities of cybersecurity structure, which one do
you think is the most important?
c. Do you agree with the article? Why or why not?
3. Submit your output to your instructor.

GRADING RUBRIC:
Criteria/Scoring 0 – 35 36 – 70 71 – 100 Score
No output done. Explained the article Provided examples /100
Procedure
and gave some and explained the
Execution
examples. article clearly.
TOTAL /100

Reference:
Stevens, M. (2017, July 10). Cybersecurity team structure: 7 important roles & responsibilities. Retrieved from
https://www.bitsight.com/blog/cybersecurity-teams on April 24, 2019

01 Laboratory Exercise 1 *Property of STI


Page 2 of 2

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy