My organization is in the process of establishing an information Security directorate. I was tasked with proposing an ideal structure for the Information Security function. Currently my proposed design has 2 main components: 1. Security Management (reporting to CISO) 2. Security Technical Operations (reporting to a Senior IT Security Manager) Furthermore, the Security Management functions will lead the security infrastructure, IAM and SOC capabilities and Security Management will drive the implementation of ISMS, Gov, Risk and compliance and Strategy and Policy. Would like to hear what other organization are doing in term of organizing their resources? 

Security & GRC
3.2k views2 Comments
Sort By:
Oldest
Vice Presidenta year ago
Some perspective you might find useful here:  https://www.fncyber.com/web-of-trust-article/the-3-must-have-cybersecurity-roles-in-your-organization
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Deputy CISOa year ago
Hi, Pl refer to this link Key Findings: Security Organization Structure and Design (gartner.com)
I can discuss more offline. 
some think to chew 
1) What are your burning priorities and thus the dedicated Lead/team you may need. This monitoring team probably only does this and maybe threat hunting etc
2) You probably need a separate focus on monitoring, a separate one to focus on defense (perimeter, end point)
 

Content you might like

We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer.  They cannot add our corporate INTUNE controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Management ToolsSecurity & GRCStrategy & Architecture+1 more
Director of Information Security9 days ago
We haven't found a "good" solution short of issuing a separate managed device; the user has to choose whose policies to apply to their device. On Android you can technically create separate user profiles to get around this ...read more
Read More Comments
364 views3 Comments

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote

Does anyone have playbooks, or checklists covering cybersecurity aspects of Divestitures, Mergers, and acquisitions? 

Security & GRC
Director of Network Transformationa year ago
Excellent question!!  Folks, please share what should be included in a playbook/checklist.  Let's crowdsource one!
3
Read More Comments
4.2k views2 Upvotes4 Comments

What is your organization’s current status for implementing endpoint security to protect O365 on mobile devices?

End-User Services & CollaborationSecurity & GRCDevice Management+14 more

Implementation complete23%

Implementation in progress54%

Planned within the next 12 months12%

Not planned7%

Not enabling O365 on mobile2%

View Results
2.4k views2 Upvotes

What methodologies or frameworks (like NIST CSF, CMMC, etc.) are you using to assess and track your cybersecurity maturity level?

Security & GRCStrategy & ArchitectureManagement Tools+6 more
Data Scientist in Consumer Goodsa year ago
we use CSF to assess and track cybersecurity maturity level
1
Read More Comments
43k views22 Upvotes61 Comments