On Mon, 30 Jul 2018 04:43:35 +0000 Ramy Hashish <ramy.ihashish@gmail.com> wrote:
If you are going to start a security team in a newly founded IT organization, what will the objectives/results be?
Hello Ramy,

Management and organization buy-in is important. Initially I would say it would be helpful to do some internal education and awareness, which helps with the first point. Identify a few things you can improve upon right away. Some small obtainable achievements would help justify the team if the team can point to some early success. Then build up that.

FIRST.org, which is the original security team community, has a wealth of very detailed guides and information you might look over:

<https://www.first.org/resources/guides/>

John

The Big Goal of security can be stated something like this:

"To bend all of the cost and benefit curves to most closely align with the organization's security goals"

If the Board of Directors can't articulate the goals, you're pretty much doomed.

David

-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of John Kristoff
Sent: Monday, July 30, 2018 5:00 AM
To: nanog@nanog.org
Subject: Re: Security team objectives

participants (2)
- Hiers, David
- John Kristoff