Cyber security roles and responsibilities
The roles and responsibilities described below give an overview of the cyber security roles commonly found within an organisation: the function assumed, or part played, by a person in meeting a particular cyber security requirement.
System Administration (SysAdmin)
Responsible for the upkeep of computer systems and infrastructure, including the (largely computerised) security infrastructure itself. Administrator credentials, the systems used to administer computers, and the monitoring systems must all be protected, since whoever controls them controls everything they manage.
Network security
Responsible for preventing unauthorised access and attacks by inspecting network traffic. Blocks attacks and suspicious traffic, and keeps a well-designed, multilayered (segmented) network resilient to partial failures, attacks, and insider threats.
Application security (AppSec)
Responsible for safeguarding systems by understanding, monitoring, repairing, and patching applications (computer programs) and application-specific network protocols such as email, web, and database protocols. This includes limiting the damage from social engineering attacks (such as phishing) that are delivered through these applications.
Endpoint, server, or device security
Responsible for hardening servers, PCs, and BYOD (bring your own device) equipment. Employs a mix of mandated software (host firewalls, antivirus), patch management, monitoring, and policy enforcement (e.g. password policy and the Principle of Least Privilege [POLP]).
Identity and access management
Encompasses the identity lifecycle (provisioning access for new employees and revoking it when they leave: joiners, movers and leavers). Responsible for identity verification, managing and logging credentials for both system and physical access, and spotting misuse or escalation of privileges.
Cryptography and data protection
This area focuses on confidentiality and integrity. Responsible for ensuring that encrypted communications remain secure and that vital documents are digitally signed so their authenticity can be verified, by managing the cryptographic suites in use, the handling of keys, digital certificates, and signed documents.
Monitoring operations, vulnerability detection, and patch management
This area tests infrastructure and systems on a regular basis. It identifies needed patches and runs patch management (in collaboration with SysAdmins), and monitors changes in software versions, installations, and architectures that may present new opportunities for attackers. It uses SIEM (Security Information and Event Management) tooling and SOCs (Security Operations Centres).
Availability, disaster recovery, and physical security
Manages physical access to hardware and internal systems, a significant target for attackers: most other controls become worthless once an attacker has physical access. Recovery point objectives (RPOs) and recovery time objectives (RTOs) are crucial in this domain. The RPO bounds how much data may be lost as a result of an attack, and the RTO bounds how long the enterprise may be down before the outage becomes unrecoverable; this team's responsibility is to keep actual data loss and downtime within those objectives.
Incident Response
Responsible for responding to an attack detected by the monitoring systems. This means identifying the vulnerabilities being exploited, using defence in depth and layered defences to halt the attack, and collecting IoCs (indicators of compromise) that can be used to detect or prevent future attacks. Possible responses include black-holing (null-routing) malicious network traffic, closing firewall ports, isolating infected hosts, or rebuilding or replacing a production system.
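As an added example (not code from the original article), the following script shows what "collecting IoCs and using them to detect future attacks" looks like in practice: a small set of indicators (a C2 network, a staging domain and a file hash) is matched against log lines, and the hits are turned into the kind of response plan described above (isolate the host, block the address, sinkhole the domain). The log format, host names, the 203.0.113.0/24 range (a documentation range) and the hash (SHA-256 of the string "test") are all constructed for illustration.

```python
"""Match indicators of compromise (IoCs) against log lines and derive a response plan.

Added example, not from the original article. All indicators, hosts and log
lines below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed IoC set of the kind an incident responder records after an intrusion.
# Network indicators are kept as networks so a single /24 C2 range matches any host in it.
IOC_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]     # constructed C2 range
IOC_DOMAINS = {"update-check.example.net"}                  # constructed staging domain
IOC_HASHES = {
    # SHA-256 of the string "test", standing in for a real malware sample hash
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
}

# Constructed proxy/EDR log lines: timestamp followed by key=value fields.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host=ws-017 dst=198.51.100.7 sni=intranet.example.com sha256=-",
    "2024-05-01T10:00:05Z host=ws-042 dst=203.0.113.45 sni=update-check.example.net "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2024-05-01T10:01:12Z host=srv-db01 dst=198.51.100.9 sni=backup.example.com "
    "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "2024-05-01T10:02:30Z host=ws-042 dst=198.51.100.7 sni=mail.example.com sha256=-",
    "2024-05-01T10:03:44Z host=ws-099 dst=203.0.113.200 sni=cdn.update-check.example.net sha256=-",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    host: str   # the internal host that produced the matching log line
    kind: str   # "ip", "domain" or "sha256"
    value: str  # the observed value that matched an indicator


def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict; the timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def match_iocs(lines, networks=IOC_NETWORKS, domains=IOC_DOMAINS, hashes=IOC_HASHES):
    """Return one Hit per (line, indicator type) that matches a known IoC."""
    hits = []
    for line in lines:
        f = parse_line(line)
        host = f.get("host", "?")

        # Destination address: match against networks, not just exact addresses.
        dst = f.get("dst")
        if dst:
            try:
                addr = ipaddress.ip_address(dst)
            except ValueError:
                addr = None  # malformed field: do not crash the whole run
            if addr is not None and any(addr in net for net in networks):
                hits.append(Hit(host, "ip", dst))

        # Domain (TLS SNI here): exact match or any subdomain of a listed domain.
        sni = f.get("sni", "").lower()
        if sni in domains or any(sni.endswith("." + d) for d in domains):
            hits.append(Hit(host, "domain", sni))

        # File hash: exact, case-insensitive match.
        if f.get("sha256", "-").lower() in hashes:
            hits.append(Hit(host, "sha256", f["sha256"].lower()))
    return hits


def response_plan(hits):
    """Turn hits into the containment actions named in the text."""
    plan = {"isolate_hosts": set(), "block_ips": set(), "sinkhole_domains": set()}
    for h in hits:
        plan["isolate_hosts"].add(h.host)       # any IoC hit is grounds to isolate the host
        if h.kind == "ip":
            plan["block_ips"].add(h.value)       # block at the firewall / null-route
        elif h.kind == "domain":
            plan["sinkhole_domains"].add(h.value)  # sinkhole in internal DNS
    return plan


if __name__ == "__main__":
    found = match_iocs(SAMPLE_LOGS)
    for h in found:
        print(f"{h.host}: {h.kind} indicator {h.value}")
    print(response_plan(found))
```

Two details are worth noticing: matching addresses against networks rather than exact strings catches the second host that talked to a different address in the same C2 range, and matching subdomains catches the `cdn.` variant of the listed domain. Both are cheap generalisations that a plain string lookup would miss.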
Asset Management and Supply Chain
Responsible for tracking the installation and provenance of software and applications used by or for the enterprise: software versions, patch status, updates, and the use of third-party software and open-source libraries. When a vulnerability in an open-source component is reported, this team must be able to say where that component is used.
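As an added example (not code from the original article), this script shows the lookup the paragraph describes: given an inventory of which services ship which third-party components, and an advisory naming a component and the version range it affects, report every service that needs patching. The inventory, the component names and the advisory are all constructed; the version-range check is a simple numeric dotted-version comparison written here for illustration, not a real advisory format.

```python
"""Find where a vulnerable open-source component is deployed.

Added example, not from the original article. The inventory and advisory are
constructed; real deployments would load an SBOM and a vulnerability feed instead.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str


# Constructed inventory: service -> third-party components it ships (names are made up).
INVENTORY = {
    "web-frontend":  [Component("example-http", "2.1.0"), Component("example-json", "1.3.7")],
    "billing-api":   [Component("example-http", "2.3.1"), Component("example-json", "1.4.3")],
    "report-worker": [Component("example-json", "1.2.0"), Component("example-pdf", "0.9.5")],
}

# Constructed advisory: example-json from 1.2.0 (inclusive) up to 1.4.3 (exclusive) is affected.
# A 'fixed' of None would mean no fixed release exists yet.
ADVISORY = {"component": "example-json", "introduced": "1.2.0", "fixed": "1.4.3"}


def parse_version(v):
    """Turn '1.4.3' (or '1.4.3rc1') into a comparable tuple of ints, padded to three parts.

    Comparing version strings lexically is a classic bug: '1.10.0' < '1.4.3' as
    strings but not as versions, so each dotted part is converted to an int.
    """
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break           # drop a trailing pre-release tag such as 'rc1'
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version, introduced, fixed):
    """True if introduced <= version < fixed (or version >= introduced when no fix exists)."""
    v = parse_version(version)
    if fixed is None:
        return v >= parse_version(introduced)
    return parse_version(introduced) <= v < parse_version(fixed)


def find_affected(inventory, advisory):
    """Return {service: affected_version} for every service shipping a vulnerable version."""
    affected = {}
    for service, components in inventory.items():
        for c in components:
            if c.name == advisory["component"] and is_affected(
                c.version, advisory["introduced"], advisory["fixed"]
            ):
                affected[service] = c.version
    return affected


if __name__ == "__main__":
    for service, version in sorted(find_affected(INVENTORY, ADVISORY).items()):
        print(f"{service}: {ADVISORY['component']} {version} is affected, "
              f"upgrade to {ADVISORY['fixed']}")
```

In the constructed data, `billing-api` already runs the fixed release and is correctly left out of the result, which is exactly the distinction an asset inventory has to support: not just "do we use this component" but "which version, and where".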
Policy, audits, e-Discovery, and training
Typically owned by the CISO (Chief Information Security Officer). Strategy, policy, precedent, and operations determine how things are done on the ground. Legal and regulatory responses are handled by gathering evidence for civil and compliance investigations (e-Discovery). Security training is also part of the CISO's compliance obligations.
Classifying organisational security
Under a Head of Security, security roles can be divided into three categories: cyber security, physical security, and converged security (which combines cyber security and physical security).