Security team objectives

• Previous message (by thread): Security team objectives
• Next message (by thread): Security team objectives
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jul 29, 2018 at 8:58 PM <valdis.kletnieks at vt.edu> wrote:
>
> On Mon, 30 Jul 2018 06:43:35 +0200, Ramy Hashish said:
> > If you are going to start a security team in a newly founded IT
> > organization, what will the objectives/results be?
>
> The answer will depend heavily on the organization that contains the IT
> group.  The right answers will be different for a bank, an ISP, a
> Fortune500, or a large university.  The location (country and
> state/province) and legal requirements for the company will also
> matter - I have to worry about FERPA, Comcast probably doesn't...

Nevertheless, some broad common objectives exist.

IMO, no one summarizes it better than Richard Bejtlich, in his
"Defensible Network Architecture 2.0":

https://taosecurity.blogspot.com/2008/01/defensible-network-architecture-20.html

The corresponding metrics for measuring results/progress would be more
specific to the type of org.

Royce

Royce

• Previous message (by thread): Security team objectives
• Next message (by thread): Security team objectives
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]