IT1914

Laboratory Exercise 1
Cybersecurity Role
Objective:
At the end of the exercise, the students should be able to:

 Describe the cybersecurity role of a company.

Materials:
 Internet connection
 MS Office

Procedures:
1. Read the blog post entitled “Cybersecurity Team Structure: 7 Important Roles & Responsibilities” by
Melissa Stevens below.

Y ou’ve heard it said that a chain is only as strong as its weakest link. When it comes to your
cybersecurity team, this adage couldn’t be more appropriate. If you want this team to
perform with both diligence and accuracy, it’s critical that you consider the following:
First, every team member understands the importance of their role. Everyone on the team
needs to be focused and performing well every single day to be effective—and they need to
understand why that is so important. Even those team members with repetitive functions—like those
in access/identity management, for example. They handle sensitive data and could inadvertently cause
a cybersecurity issue if they’re not careful. They must remain vigilant and engaged. Simply telling
everyone their job is critical isn’t impactful; instead, demonstrate how their jobs are critical to the
health and security of the business by tying what they do day-to- day to the organization’s strategic
goals.
Second, security is there to facilitate the business, not to work against the business. If
even one member of your team takes on a “no can do” attitude for every management request, that will
throw off the rest of the team. Emphasize to every team member that their job is to help the business
find the most secure way to accomplish the need—security and the business should be partners. There will
be times when you must deliver the message that the business request poses a significant risk but it’s
usually a business decision to accept that risk or not. If you focus on helping the business achieve its
goals in a secure way that’s appropriate for what’s at risk, the times you need to say no will be rare.
As a result, the business will be more likely to listen when those times come.
Finally, it’s critical not to overstate risk, but to keep the discussion logical and fact-
based. As Celia Baker, President of the IntelliGRACS Group Inc., told us, “If you’re going to say
the sky is falling, be sure it’s really falling—not just starting to rain.” Some security professionals may
be tempted to craft dramatic cybersecurity messages based on FUD (fear, uncertainty, and doubt) to
secure funding or make a point. That may work once or twice—but in the long term, management will
stop listening. Ensure that every team member keeps their presentations solid and fact-based as risk is
being communicated up the chain and across the business.
The above guidelines will be useful for managing your group, but you’ll also need the right people in
place who can work well within those parameters. Below we’ve outlined seven skills, traits, roles, and
responsibilities necessary for a well-rounded cybersecurity team.

01 Laboratory Exercise 1 *Property of STI

Page 1 of 2
 IT1914

Cybersecurity Team Structure: 7 Important Roles & Responsibilities

1. Software Development
Having someone on your team with secure software development skills is a huge advantage for a
cybersecurity team. Many companies rely on external third parties for development, but it really helps
strengthen a security program to have someone on board with the knowledge and skill set to be part of
those conversations.

2–4. Threat Intelligence, Intrusion Detection, & Incident Management

Key to cybersecurity are monitoring and identifying issues before they happen, catching issues as
quickly as possible, and taking the necessary steps after an incident has taken place— you’ll need
team members who can handle these discrete but connected functions.
5. Risk Mitigation
Every member of your team should understand how to mitigate risk. It’s helpful here to have team
members that understand controls and auditing. If you can think like an auditor, you can identify weak
controls (cause risk) and then implement appropriate mitigation strategies.

6. Data Analytics
Do you have someone on your cybersecurity team who can look at raw data to identify patterns and cull
out useful and actionable information? Knowing and understanding how to correlate and interpret data
is critical for cybersecurity. If not, you need to be sure you hire for this or foster this skill as soon as
possible.

7. The Ability To Work Across The Organization

More of a soft skill, this is still critical for every cybersecurity team member. You can have very
intelligent team members with top-notch security skills, but if these individuals can't have relevant
conversations with people in other departments in a manner that elicits cooperation, they’ll have more
limited career opportunities, limited effectiveness in their current roles, and less opportunity for
advancement. Not being able to speak the language of the business and other teams is a primary
reason good technical people don’t advance beyond middle management. So be sure every team member
knows how to work and communicate with other teams and other levels of management—knowing when
to lose the tech jargon will go a long way.
2. Answer the following questions:
a. What is the article all about?
 The article is all about how each member or each team of the company perform to do or to
give the best security for the company to avoid putting company in risk situation.

b. Among the seven (7) roles and responsibilities of cybersecurity structure, which one do you
think is the most important?
 For me among the seven roles and responsibilities of cybersecurity structure is the “Risk
Mitigation” because in this role all members must know how to mitigate risk and
identifying weak points to know where or what part of the system needs to upgrade to
make data safe.

c. Do you agree with the article? Why or why not?

 Yes I agree because for me this article is very helpful for someone who just start working
at company to have a idea how to protect companies data and avoid being hack by other
black hackers to by always looking at weak points of the company.

01 Laboratory Exercise 1 *Property of STI

Page 2 of 2
 IT1914

3. Submit your output to your instructor.

GRADING RUBRIC:
Criteria/Scoring 0 – 35 36 – 70 71 – 100 Score
No output done. Explained the article Provided examples /100
Procedure
and gave some and explained the
Execution
examples. article clearly.
TOTAL /100

Reference:
Stevens, M. (2017, July 10). Cybersecurity team structure: 7 important roles & responsibilities. Retrieved from
https://www.bitsight.com/blog/cybersecurity-teams on April 24, 2019

01 Laboratory Exercise 1 *Property of STI

Page 3 of 2