nanog mailing list archives

RE: Security team objectives


From: "Hiers, David" <David.Hiers () cdk com>
Date: Mon, 30 Jul 2018 17:00:24 +0000

The Big Goal of security can be stated something like this:

"To bend all of the cost and benefit curves to most closely align with the organization's security goals"

If the Board of Directors can't articulate the goals, you're pretty much doomed.

David


-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of John Kristoff
Sent: Monday, July 30, 2018 5:00 AM
To: nanog () nanog org
Subject: Re: Security team objectives

On Mon, 30 Jul 2018 04:43:35 +0000
Ramy Hashish <ramy.ihashish () gmail com> wrote:

> If you are going to start a security team in a newly founded IT
> organization, what will the objectives/results be?

Hello Ramy,

Management and organization buy-in is important.  Initially I would say it would be helpful to do some internal 
education and awareness, which helps with the first point.  Identify a few things you can improve upon right away.  
Some small obtainable achievements would help justify the team if the team can point to some early success.  Then build 
up that.

FIRST.org, which is the original security team community, has a wealth of very detailed guides and information you 
might look over:

  <https://www.first.org/resources/guides/>

John


