Professional Documents
Culture Documents
01 Laboratory Exercise 1
01 Laboratory Exercise 1
Laboratory Exercise 1
Cybersecurity Role
Objective:
At the end of the exercise, the students should be able to:
Materials:
Internet connection
MS Office
Procedures:
1. Read the blog post entitled “Cybersecurity Team Structure: 7 Important Roles & Responsibilities” by
Melissa Stevens below.
Y ou’ve heard it said that a chain is only as strong as its weakest link. When it comes to your
cybersecurity team, this adage couldn’t be more appropriate. If you want this team to
perform with both diligence and accuracy, it’s critical that you consider the following:
First, every team member understands the importance of their role. Everyone on the team
needs to be focused and performing well every single day to be effective—and they need to
understand why that is so important. Even those team members with repetitive functions—like those
in access/identity management, for example. They handle sensitive data and could inadvertently cause
a cybersecurity issue if they’re not careful. They must remain vigilant and engaged. Simply telling
everyone their job is critical isn’t impactful; instead, demonstrate how their jobs are critical to the
health and security of the business by tying what they do day-to- day to the organization’s strategic
goals.
Second, security is there to facilitate the business, not to work against the business. If
even one member of your team takes on a “no can do” attitude for every management request, that will
throw off the rest of the team. Emphasize to every team member that their job is to help the business
find the most secure way to accomplish the need—security and the business should be partners. There will
be times when you must deliver the message that the business request poses a significant risk but it’s
usually a business decision to accept that risk or not. If you focus on helping the business achieve its
goals in a secure way that’s appropriate for what’s at risk, the times you need to say no will be rare.
As a result, the business will be more likely to listen when those times come.
Finally, it’s critical not to overstate risk, but to keep the discussion logical and fact-
based. As Celia Baker, President of the IntelliGRACS Group Inc., told us, “If you’re going to say
the sky is falling, be sure it’s really falling—not just starting to rain.” Some security professionals may
be tempted to craft dramatic cybersecurity messages based on FUD (fear, uncertainty, and doubt) to
secure funding or make a point. That may work once or twice—but in the long term, management will
stop listening. Ensure that every team member keeps their presentations solid and fact-based as risk is
being communicated up the chain and across the business.
The above guidelines will be useful for managing your group, but you’ll also need the right people in
place who can work well within those parameters. Below we’ve outlined seven skills, traits, roles, and
responsibilities necessary for a well-rounded cybersecurity team.
6. Data Analytics
Do you have someone on your cybersecurity team who can look at raw data to identify patterns and cull
out useful and actionable information? Knowing and understanding how to correlate and interpret data
is critical for cybersecurity. If not, you need to be sure you hire for this or foster this skill as soon as
possible.
b. Among the seven (7) roles and responsibilities of cybersecurity structure, which one do you
think is the most important?
For me among the seven roles and responsibilities of cybersecurity structure is the “Risk
Mitigation” because in this role all members must know how to mitigate risk and
identifying weak points to know where or what part of the system needs to upgrade to
make data safe.
GRADING RUBRIC:
Criteria/Scoring 0 – 35 36 – 70 71 – 100 Score
No output done. Explained the article Provided examples /100
Procedure
and gave some and explained the
Execution
examples. article clearly.
TOTAL /100
Reference:
Stevens, M. (2017, July 10). Cybersecurity team structure: 7 important roles & responsibilities. Retrieved from
https://www.bitsight.com/blog/cybersecurity-teams on April 24, 2019