Cyber security is not a new thing, but even so, it feels that way. High profile attacks and data breaches increase public awareness of the issue and the overarching feeling seems to be, “you’re not safe anymore.”
Hyped-up issues tend to be easy to click and share, but there is typically a lot of nuance and detail to unpack before you can find solutions to the problem. Therefore, I thought it would be helpful to approach the topic from the beginning, starting with, “What is cyber security in the first place?”
The Role of Cyber Security in the Organization
Broadly speaking, cyber security is a subset of information security management that focuses on digital information and digital assets. Cyber security’s goal is to assure the CIA of digital information within the organization. CIA stands for: Confidentiality, Integrity & Availability.
To accomplish this a Cyber Security approach must:
- Establish security measurements & metrics
- Maintain awareness of emerging threats & vulnerabilities
- Translate risks into business impact for Sr. leadership
- Recommend best practices & influence the organization’s policies, standards, procedures and guidelines
- Ensure compliance with Government and industry regulators
The team members involved in cyber security:
Cyber Security is a function of management that touches every aspect of the business. Therefore, everyone on the team has some level of involvement. However, there are key roles and responsibilities and each one plays an important part.
C-level / Sr. Leadership
C-level is responsible for making value judgments based on cyber security vulnerability and business risk. They have the ultimate authority, and therefore the ultimate responsibility for the results of the organization’s cyber security program.
The steering committee represents the different departments within the organization. The committee’s purpose is to provide insight into business operations, data classification, and the overall impact of cyber security policies and procedures.
Auditors are outside consultants or regulators tasked with assessing cyber vulnerability and risk. It is important that auditors are not aligned with the IT organization, but rather with operations or finance.
Data owner – the data owner is responsible for the classification of data. Classification drives the organization’s cyber security controls. (General-use data can sit on a file server where any authenticated network user can access it. Top Secret data goes in a safe, and only the COO and CFO know the location of the safe and the lock combination.)
The data custodian is responsible for the safe custody, transport and storage of the data. Simply put, data custodians are responsible for the technical environment and database structure.
The network admin ensures availability of resources, has access to resources based on pre-established policy, and can make changes within his sphere of access.
The security admin has access to everything, allowing her to audit and measure cyber security effectiveness. But a security admin should not have permission to make any changes.
It’s important to note that the network admin and the security admin roles often conflict with one another. At the core, a network admin wants to assure access to network resources. A security admin, by contrast, seeks to enforce the principle of least privilege (access on a need-to-know basis). Therefore these roles need to be separated: the security admin and the network admin should not be the same person.
As I noted earlier, I feel like this is the very beginning of an exploration into cyber security. I plan to add future postings on the topic and to expand on what I’ve outlined here. If you have any questions, or if you feel like you have something to add, please leave a comment. You can also connect with me here: Connect with Jason