Every Organizational functions required to manage information security risk in an enterprise. These organizational functions collectively form the human portion of an overall cybersecurity system. Each function may be performed by one or more people, and each person may perform one or more functions, depending on various factors such as culture, budget, and available resources.
Each of the following articles provide information about each function. Each article provides a summary of objectives, how the function can evolve because of the threat environment or cloud technology changes, and the relationships and dependencies that are critical to its success.
- Policy and standards
- Security operations center (SOC)
- Security architecture
- Security compliance management
- People security
- Application security and DevSecOps
- Data security
- Infrastructure and endpoint security
- Identity and keys
- Threat intelligence
- Posture management
- Incident preparation
Security is a team sport:
Its critical that individuals on the security team see each other as part of a whole security team, part of the whole organization, and part of a larger security community defending against the same adversaries. This holistic view enables the team to work well in general. It’s especially important as the teams work through any unplanned gaps and overlaps discovered during the evolution of roles and responsibilities