Security team objectives

Mon Jul 30 17:00:24 UTC 2018

The Big Goal of security can be stated something like this:

"To bend all of the cost and benefit curves to most closely align with the organization's security goals"

If the Board of Directors can't articulate the goals, your pretty much doomed.

David

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of John Kristoff
Sent: Monday, July 30, 2018 5:00 AM
To: nanog at nanog.org
Subject: Re: Security team objectives

On Mon, 30 Jul 2018 04:43:35 +0000
Ramy Hashish <ramy.ihashish at gmail.com> wrote:

> If you are going to start a security team in a newly founded IT 
> organization, what will the objectives/results be?

Hello Ramy,

Management and organization buy-in is important.  Initially I would say it would be helpful to do some internal education and awareness, which helps with the first point.  Identify a few things you can improve upon right away.  Some small obtainable achievements would help justify the team if the team can point to some early success.  Then build up that.

FIRST.org, which is the original security team community, has a wealth of very detailed guides and information you might look over:

  <https://www.first.org/resources/guides/>

John

----------------------------------------------------------------------
This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.