Essential Functions of a Cybersecurity Program


Let’s review the typical functions of a cybersecurity program.

These functions are often performed by separate teams in very large organizations or by a single team in smaller ones. Some of the following functions may be outsourced, especially when the work is highly repetitive and reliable vendors are available.

Many medium-sized and smaller companies outsource most of these cybersecurity functions to keep costs within their smaller budgets.

Security Operations Center (SOC)

The security operations center (or “SOC”) is the organizational focal point where information systems are:

  • Monitored to detect incidents
  • Assessed to identify vulnerabilities
  • Defended when they are under attack

The types of information systems monitored by a SOC include:

  • Websites
  • Applications
  • Databases
  • Data centers
  • Servers
  • Networks
  • Desktops
  • Other endpoints, like mobile devices

To operate smoothly, your SOC must clearly define roles and responsibilities as well as incident response procedures that describe the steps to be taken when an alert or report is received.

At larger organizations the SOC team may have a dedicated room; elsewhere, they might collaborate from their individual desks.

Security Information and Event Management (SIEM)

A SOC typically operates around the alerts generated by a security information and event management (or “SIEM”) system.

The SIEM attempts to create a “single pane of glass” for the security analysts to monitor the entire organization. The SIEM aggregates and correlates data from security feeds such as:

  • System logs
  • Firewalls
  • Enterprise anti-malware systems
  • Vulnerability assessment systems
  • Intrusion detection and prevention systems
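
An added example (not code from the original post) of the aggregate-and-correlate step just described: three constructed feeds (firewall, server auth log, anti-malware) are normalized into one event schema, and a simple rule raises one alert when a host appears in all three feeds within a ten-minute window. The hosts, addresses, log formats and rule threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (hypothetical hosts and IPs), one list per feed.
FEEDS = {
    "firewall": [
        "2024-05-01T10:00:05Z deny src=198.51.100.7 dst=10.0.0.5 dport=22",
        "2024-05-01T10:00:09Z deny src=198.51.100.7 dst=10.0.0.5 dport=22",
    ],
    "auth": [
        "2024-05-01T10:00:20Z host=10.0.0.5 sshd: Failed password for root from 198.51.100.7",
        "2024-05-01T10:01:02Z host=10.0.0.5 sshd: Accepted password for root from 198.51.100.7",
    ],
    "antimalware": [
        "2024-05-01T10:03:40Z host=10.0.0.5 alert=Trojan.Generic action=quarantined",
        "2024-05-01T14:00:00Z host=10.0.0.9 alert=PUA.Adware action=quarantined",
    ],
}

def normalize(feed, lines):
    """Aggregation step: map each feed's own format onto one common schema,
    keyed by the affected host so events from different feeds can be joined."""
    key = "dst" if feed == "firewall" else "host"  # the firewall names the target as dst=
    events = []
    for line in lines:
        ts = datetime.strptime(line.split(" ", 1)[0], "%Y-%m-%dT%H:%M:%SZ")
        host = re.search(rf"{key}=(\S+)", line).group(1)
        events.append({"ts": ts, "feed": feed, "host": host, "raw": line})
    return events

def correlate(events, window=timedelta(minutes=10), min_feeds=3):
    """Correlation step: per host, slide a time window over its events and raise
    one alert when at least `min_feeds` distinct feeds fall inside the window.
    A host seen in only one feed (10.0.0.9 above) never fires."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)
    alerts = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            feeds = sorted({e["feed"] for e in in_window})
            if len(feeds) >= min_feeds:
                alerts.append({"host": host, "start": first["ts"], "feeds": feeds})
                break  # one alert per host keeps the analyst queue readable
    return alerts

def run():
    return correlate([e for feed, lines in FEEDS.items() for e in normalize(feed, lines)])
```

A real SIEM does the same two steps at scale, with parsers per product and rules written by the SOC; the point here is that the correlation across feeds, not any single feed, is what produces the alert.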

Staffing Your SOC

A typical SOC is staffed by analysts, security engineers, and managers.

The team members are usually trained in computer engineering, cryptography, and network engineering. The SOC staff will usually have earned one or more information security credentials.

Business Planning

Aside from a SOC, another common cybersecurity function is strategic and tactical business planning. A good example is when a company wants to use a new technology or methodology to make it more competitive.

A great cybersecurity team will work hard to find ways to use that new technology within the boundaries of the organization’s risk tolerance.

This may require the cybersecurity team to find new ways of working, such as when agile software development became popular, or to deploy new security products, like executive-level email encryption.

The output of this work is usually a multi-year roadmap.

Cybersecurity Project Support

Most cybersecurity teams provide cyber risk guidance to the larger and riskier technology projects undertaken by the organization.

A yearlong migration of a line-of-business software package from one vendor to another is one good example. Another example would be the implementation of a cloud-based file sharing service.

In each case, the cybersecurity team helps the project team make good decisions about how the new system will be implemented while remaining consistent with the information security policy and the organizational risk appetite.

Security and Regulatory Compliance

Administrative ownership for compliance activities is often found outside the cybersecurity department. But it’s common for the cybersecurity team to provide support to the compliance team for periodic reviews or planning.

An insurance company, for example, will be periodically audited by its state insurance commissioner. Many of the questions will be about cybersecurity, and the cybersecurity team may have the best responses.

Security Administration

Security administration is another common cybersecurity program function that may include identity and access management. This is the daily task of creating new user accounts and modifying permissions to allow or deny network access.

Another common administrative function is evaluating whether new vendors are secure enough to handle your organization’s data.

Finally, your team may need to do firewall administration by adding and modifying firewall rules based on legitimate requests.

Cyber Risk Management

The final function I want to mention is risk management, which is the discipline of dealing with uncertainty about your future.

As you’ve probably noticed, risk management is a thematic responsibility woven into all Information Security functions. It’s also an annual program of work that’s designed to uncover and deal with new risks.

I’ll describe this process in much more detail in future posts.

Cyber Risk Opportunities provides middle market companies with cost-effective Cyber Risk Managed Programs to prioritize and reduce your top cyber risks, including the specific requirements of PCI, HIPAA, SOC2, ISO 27001, DFARS, and more.

Get in touch today to learn more and take advantage of a free 30-minute Q&A session with one of our cyber risk experts. Call 253-332-7867, or email us at info@cyberriskopportunities.com.