nanog mailing list archives

Re: Security team objectives

From: William Herrin <bill () herrin us>
Date: Tue, 31 Jul 2018 14:37:10 -0400

On Mon, Jul 30, 2018 at 12:43 AM, Ramy Hashish <ramy.ihashish () gmail com> wrote:

If you are going to start a security team in a newly founded IT
organization, what will the objectives/results be?


Hi Ramy,

Sounds like you're putting the cart before the horse. Understand your
security objectives first. That will determine the nature of the
security team or indeed, if there should be a specific security team
at all or some other security structure.

Some common security objectives include:

* Compliance with customer and vendor requirements

* Loss prevention

* Avoidance of legal liability for system compromise

* Avoidance of brand damage due to system compromise

* Operations continuity

Regards,
Bill Herrin



-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>

Current thread:

Security team objectives Ramy Hashish (Jul 29)
- Re: Security team objectives valdis . kletnieks (Jul 29)
  - Re: Security team objectives Royce Williams (Jul 29)
  - Re: Security team objectives Ramy Hashish (Jul 29)
- Re: Security team objectives William Herrin (Jul 31)
- <Possible follow-ups>
- Re: Security team objectives John Kristoff (Jul 30)
  - RE: Security team objectives Hiers, David (Jul 31)
- Re: Security team objectives Scott Weeks (Jul 30)