How to build a cyber security strategy[/size][
/b][/i][/u]
Executing a strong cyber security strategy requires you have the right people in place. The demand for professional cyber security folk has never been higher, from the C-suite down to the security engineers working on the front lines. Security leaders have elbowed their way into the C-suite and boardrooms, as protecting company data becomes mission critical for organizations. A chief security officer (CSO) or chief information security officer (CISO) is now a core management position that any serious organization must have.
Roles have also grown more specialized. The days of the generalist security analyst are fading fast. Today a penetration tester might focus on application security, or network security, or phishing users to test security awareness. Incident response may see you on call 24/7. The following roles are the foundation of any security team.
CISO/CSO
The CISO is a C-level management executive who oversees the operations of an organization’s IT security department and related staff. The CISO directs and manages strategy, operations, and the budget to protect an organization’s information assets.
Security analyst
Also referred to as cyber security analyst, data security analyst, information systems security analyst, or IT security analyst, this role typically has these responsibilities:
Plan, implement and upgrade security measures and controls
Protect digital files and information systems against unauthorized access, modification or destruction
Maintain data and monitor security access
Conduct internal and external security audits
Manage network, intrusion detection and prevention systems
Analyze security breaches to determine their root cause
Define, implement and maintain corporate security policies
Coordinate security plans with outside vendors
Security architect
A good information security architect straddles the business and technical worlds. While the role can vary in the details by industry, is that of a senior-level employee responsible to plan, analyze, design, configure, test, implement, maintain, and support an organization’s computer and network security infrastructure. This requires knowing the business with a comprehensive awareness of its technology and information needs.
Security engineer
The security engineer is on the front line of protecting a company's assets from threats. The job requires strong technical, organizational and communication skills. IT security engineer is a relatively new job title. Its focus is on quality control within the IT infrastructure. This includes designing, building, and defending scalable, secure, and robust systems; working on operational data center systems and networks; helping the organization understand advanced cyber threats; and helping to create strategies to protect those networks.
Reference:
https://www.csoonline.com/article/3242690/data-protection/what-is-cyber-security-how-to-build-a-cyber-security-strategy.html