Design the information security of an organization
Information Security Organization Designs are design structures
made to establish the implementations required to strengthen the
information security of an organization. They vary from company
to company, and each organization design has its own pros and
cons.
Secure by design is important for developing software and hardware
because it becomes more difficult to add security as a system
develops. In addition, dealing with existing cybersecurity
vulnerabilities and patching them in real time can be difficult,
and it will never be as effective as designing systems to be as
secure as possible from the beginning.
When designing an Information Security Organization Design, there
are many factors to be taken into consideration.
Some of them are:
The risk management capability of an organization.
The maturity of information security and the overall risk-bearing
capacity of the organization come under this.
The industry vertical in which the organization operates.
The level of outsourcing and other support for the
organization.
The previous inherited measures of security that roll over all the
vertical and horizontal functions.
The Information Security design of an organization mainly has two
levels:
1 - CIO/CISO
2 - Execution level.
CIO/CISO
Chief information security officers (CISOs) and chief information
officers (CIOs) are the heads of the information security of the
organization. The CISO focuses on technology while the CIO focuses on
business. They are responsible for the decision-making process
for:
Policies
Strategies
Programs
Awareness
Execution Level:
This level is further divided into two groups: Technology
Analysis and Operations Analysis.
Technology Analysis:
This group is responsible for the execution of the plans and
decisions made by the CIO/CISO. They are responsible for designing
all the interfaces and making sure that they are safe and secure from
outside threats.
They work on:
Platform Security
Application Security
Consulting
Data Security
Operations Analysis:
This group is responsible for all system administration issues
and for making sure that all the operations that are executed
throughout the organization are secure. They are also responsible
for maintaining good client relationships.
They work on:
System Administration
Log Analysis
Incident Response
Vendor Relations