My organization is in the process of establishing an information Security directorate. I was tasked with proposing an ideal structure for the Information Security function. Currently my proposed design has 2 main components: 1. Security Management (reporting to CISO) 2. Security Technical Operations (reporting to a Senior IT Security Manager) Furthermore, the Security Management functions will lead the security infrastructure, IAM and SOC capabilities and Security Management will drive the implementation of ISMS, Gov, Risk and compliance and Strategy and Policy. Would like to hear what other organization are doing in term of organizing their resources?
Sort By:
Oldest
Vice Presidenta year ago
Some perspective you might find useful here: https://www.fncyber.com/web-of-trust-article/the-3-must-have-cybersecurity-roles-in-your-organizationDeputy CISOa year ago
Hi, Pl refer to this link Key Findings: Security Organization Structure and Design (gartner.com)I can discuss more offline.
some think to chew
1) What are your burning priorities and thus the dedicated Lead/team you may need. This monitoring team probably only does this and maybe threat hunting etc
2) You probably need a separate focus on monitoring, a separate one to focus on defense (perimeter, end point)