Information Security in Organization Structure (CISO)

In this article, I will introduce the concept of Information Security (InfoSec) as an independent section or department in the organization. I will start from the beginning by explaining what is information and what is information in the organization until we reach to a point where we can differentiate between Information Technology (IT) and Information Security (InfoSec) which is somehow related terms and also a related department in the organization. But, it should to independent departments in the organization.

Just to mention at the beginning that the purpose of this article is not to reduce the importance of IT in the organization but to clarify that IT is a department that is handling an important part of the organization strategy and goals and InfoSec also handling another impotent part of the organization strategy and goals.

Better to start by explaining what is Information. It is something that people can learn, know about, or understand. For example, the book contains information about some subject. This information is important to the book because without it the book will be meaningless. Another definition of the information form technical perspective (from TechTarget Website) Information is stimuli that have to mean in some context for its receiver. When information is entered into and stored in a computer, it is generally referred to as data. After processing (such as formatting and printing), output data can again be perceived as information (refer to Click here). But, also information can be physical not only digital.

Information is an asset to any organization or we can say it is the main asset of the organization. So, after the evolution of computer and using the computer in the enterprise. Information mostly moved from physical use to digital use and all the processing and operations performed using systems and software. Here we can say the IT department started and as old people in this area know that this section was a very small section under another department not related to IT like account. Because mainly it was handling data entry to mainframes and it use to be 2 to 3 employees. With the growth of using the technology and increasing demand for using the technology in the enterprise the IT department started to be as a standalone department in the organization and at that time the main focus of IT department is the performance of entering the data and processing it the correct way. And as you can see these days IT department is one of the main department in many organizations and it contains multiple sections under it like Infrastructure, Support, development ,and some time projects.

Nowadays with the increasing use of digital technology and the organizations depending on the technology in day to day operation, a new demand comes to the Horizon which is securing that information in the systems. By saying securing not only means prevent this information from being exposed to hackers or leaking it. But, balanced protection of the Confidentiality, Integrity , and Availability (CIA) tried which is the main target and purpose of InfoSec department in the organization.

Information Technology (IT) Department roles and responsibilities in the organization:

IT is department within a company that is charged with establishing, monitoring and maintaining information technology systems and services. IT organization is typically managed by a Chief Information Officer (CIO) or IT Director. Roles and responsibilities it may explained in different way but I chooses below brief roles and responsibilities explanation (reference for below explanation click here).
  • Governance refers to the implementation of operational parameters for working units and individuals' use of IT systems, architecture, and networks. The governance of the master data is based on workflow processes that integrate business rules and subject matter domain expertise. This is part of the conventional IT security as well as the data assurance for which the IT department is also responsible.
  • Infrastructure refers to the hardware components, the network, the circuitry, and all other equipment necessary to make an IT system function according to the established needs and system "size" of the company.
  • Functionality is perhaps the most apparent task performed by the IT department. It refers to creating and maintaining operational applications; developing, securing, and storing electronic data that belongs to the organization; and assisting in the use of software and data management to all functional areas of the organization.
Information Security (InfoSec) Department roles and responsibilities in the organization:
Instead of waiting for a data breach or security incident, the CISO is tasked with anticipating new threats and actively working to prevent them from occurring. The CISO must work with other executives across different departments to ensure that security systems are working smoothly to reduce the organization's operational risks in the face of a security attack.

  • Conducting employee security awareness training, 
  • Developing secure business and communication practices, 
  • Identifying security objectives and metrics, 
  • Choosing and purchasing security products from vendors, 
  • Ensuring that the company is in regulatory compliance with the rules for relevant bodies 
  • Enforcing adherence to security practices.
  • Ensuring the company's data privacy is secure,
  • Managing the Computer Security Incident Response Team and conducting electronic discovery and digital forensic investigations.


Refer to click link.

Finally, the main purpose of writing this article is to express my opinion and to show that InfoSec team deserves to be under an independent department with standalone roles and responsibilities and it will be led by Chief Information Security Officer. May be currently a lot of CEO's doesn't see this but soon it will be the practice.

Comments

  1. Ana CyberDecember 2, 2021 at 3:44 AM

    Remarkable post, the information you have mentioned is really knowledgeable and engaging for us, I really enjoyed reading it. Thanks for sharing. Cyber Security Services

    ReplyDelete
  2. apcamericaFebruary 2, 2022 at 10:10 AM

    Excellent post. I really enjoy reading and also appreciate your work. This concept is a good way to enhance knowledge about security system company. Keep sharing this kind of articles, Thank you.

    ReplyDelete
  3. aaronnssdApril 18, 2022 at 11:27 PM

    Excellent post. I really enjoy reading and also appreciate your work.hoa security services Miami This concept is a good way to enhance knowledge. Keep sharing this kind of articles, Thank you.

    ReplyDelete
  4. securtacMay 12, 2022 at 9:41 PM

    I am attracted by the presentation of this article. Security guard services in Durham It is a genuinely a gainful article for us. Keep posting, Thank you

    ReplyDelete
  5. emeraldacademyMay 22, 2022 at 1:42 PM

    I got some instructive information from this post about calendar and events. You have done such a brilliant job. Door Supervisor Course in Ealing Only £229 Keep it up. Get add to calendar link.

    ReplyDelete
  6. countersecurityJune 22, 2022 at 5:12 PM

    I liked your work and, as a result, the manner you presented this content about Private Security Services London.It is a valuable paper for us. Thank you for sharing this blog with us.

    ReplyDelete
  7. WB Sales and ServiceJune 24, 2022 at 6:02 PM

    Your blog contains lots of valuable data. It is a factual and beneficial article for us.affordable security systems regina sk Thankful to you for sharing an article like this.

    ReplyDelete
  8. UnknownJuly 12, 2022 at 10:07 AM

    u826b3zhvuq165 finger vibrator,sex chair,realistic dildo,horse dildo,dildo,vibrators,horse dildo,women sexy toys,horse dildos d900x4vsyvq740

    ReplyDelete
  9. rosmephAugust 22, 2022 at 10:14 PM

    f138r4egdwx695 wholesale sex toys,sex chair,dildo,rabbit vibrators,wholesale sex toys,vibrators,G-Spot Vibrators,anal toys,dog dildo b637m7habub245

    ReplyDelete
  10. AnonymousNovember 30, 2022 at 2:51 PM

    It also offers them a 코인카지노 cause to look at most or all of the sport, which is unusual. The Team Whistle survey found that 70 p.c individuals who|of individuals that} bet on a sport watch all of it, versus forty eight p.c of those who haven’t. And it supplies a window to sports they don’t often observe.

    ReplyDelete
  11. apcamericaMarch 15, 2023 at 10:09 AM

    This comment has been removed by the author.

    ReplyDelete
  12. apcamericaMarch 15, 2023 at 10:10 AM

    It is a proficient article that you have shared here about system company I got some unique and valuable information from your article security system company Thankful to you for sharing this article here.

    ReplyDelete
  13. cottondayzApril 7, 2023 at 9:17 AM

    Great blog ! I am impressed with suggestions of author.
    Cotton Clothing For Women

    ReplyDelete

Post a Comment

Popular posts from this blog

Vulnerability Assessment vs. Penetration Test

It is all about  Vulnerabilities.  So, what is the Vulnerability? It is a  Weakness  in an  Information System or  System Security Procedures or  Internal Controls or System D esign or System  Implementation or  Configuration/Setup  that will raise risk and expose it to be exploited or triggered by a threat actor.  As  Window Snyder -  Chief Security Officer at Square, Inc. said:   "One single vulnerability is all an attacker needs.".    To find this vulnerability we need to search for it and to search for it we need to test the system from a security perspective to find it. So,  Security Testing is to identify the threats in or on the system and measure its potential vulnerabilities "Weaknesses" so these threats and vulnerabilities must be remediated to reduce the risk. In other words, Security Tests are to identify all possible loopholes and weaknesses of the system which might result in a loss of information, revenue, repute at the hands of the employees or outsi
Read more

Vulnerability Management (VM) vs. System Admins. It is a challenge !!!

I was facing problem in arranging my thoughts on how I can manage the vulnerability scan results of the servers and other equipment on my network.  I wrote this article to bring the results of the research that I performed in this field to help others in managing the vulnerabilities and resolve it as soon as possible. Because the main factor in vulnerability management is time as soon as you resolve it as soon as you will be secure.    Vulnerability assessment (VA)  is part of the vulnerability management (VM) tasks that the security professional perform on regular basis. The first step in any VM task is to discover your network and find all the assets you have to assess the vulnerabilities on it. So, you need a tool to map and discover your network and run it. Keep in mind to perform the discovery scan on a frequent basis to keep your asset list up to date.  The second step reviews the results and group  the assets based on an operating system that assets run on. The method I u
Read more