How to turn your IT team into a security team
Introduction: IT teams vs. security teams
Building a strong security team should be a priority for all organizations today. This includes companies that already have a good IT team on board made of experienced systems managers and information systems engineers.
Although the two teams are often intertwined, the scope of work is different. IT teams manage and plan networks, hardware, data storage and processing as well as developing strategies to meet the needs of management with an eye at the assigned budget. Security teams focus on the protection of the organization information system infrastructure, the resiliency to internal or external threats and the defense of the confidentiality, integrity and availability of the greatest asset: data.
As we can see, the roles are different. While IT personnel have the skills and knowledge to build the system infrastructure in order to manage, store and transmit data, the security team is tasked with ensuring the safety of the substructure by creating the conditions to safeguard information. This includes not only technical solutions and vulnerability monitoring but also programs designed to target what is considered one of the greatest vulnerabilities in the cybersecurity chain: the user.
Security professionals, in their effort to mitigate risks for the organization, are also asked to foster a culture of cyber awareness to increase the responsiveness of staff.
Building a security team
Can IT and security professionals coincide? In a smaller organization, possibly. It is also possible to outsource the task to professional companies external to the organization.
But when building an internal team, especially in medium or large organizations, what can management consider? The task is to create a group that is focused on the discovery of threats and the understanding of possible vulnerabilities, and which is able to help staff become cyber-savvy. This cannot (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Brecht. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/831n2UGNCng/
