Figure 5-4 shows an actual cyber security team structure. Figure 5-5 to 5-7 are examples of Cyber Security team structures.
Cyber Security Team Structure
Figure 5-5: Cyber Organisation Structure for Singapore Armed Forces (Bhunia, 2017)
Figure 5-6: Cyber Organisation Structure from Indian Institute of Technology Ropar (IITR, 2013)
Figure 5-7: Cyber Security Team Structure
Figures 5-4 to 5-6 show the respective structure that the organizations have developed to tackle cyber security. The organization chart is synthesized and combined as one entity, shown in Figure 5-7.
The view is that cyber security should be seen as one part of the overall security management within the organization. Previously, it was misunderstood that only the IT department is responsible for cyber security issues. However, since the IT team is part of the BCM team structure, the IT department can use this forum to collaborate with the other departments to tackle the cyber security issue.
By combining the structures, the actions performed by the cyber security team become clearer. The crucial link between cyber security and business continuity is established as the constitution of the respective team is identified.
This structure makes the entire organisation more aware of cyber security threats. From here, the team members can collectively develop a comprehensive cybersecurity program.
Roles and Responsibilities of CXOs
1. Chief Security Officer (CSO)
The CSO is responsible for the organization’s security management (physical and cyber). CSO ensures that the security management program within the organization is developed and constantly updated to remain relevant.
CSO communicates with senior management about the organisation's security issues and challenges.
2. Chief Information Security Officer (CISO)
The CISO is responsible for IT (cyber) security management. This (Ogden, 2014) covers the management of network security, information security, and cyber security attacks.
3. Security Project Management Office
The (Cyber) Security Project Management Office ensures that best practices and standards (Toivonen, 2015) are executed for projects to be completed on time and within budget.
The planning, management, and execution (County of Placer, 2017) of the organization’s IT project portfolio are overseen by the PMO.
Roles and Responsibilities of Teams
Several teams are assigned and responsible for cyber security in many organisations. The relationship between the Information Security, IT Security, and Cyber Security teams is explained and shown in Figure 5-8. | |
Figure 5-8: Relationship between the Information Security, IT Security, and the Cyber Security Teams (Target Postgrad, 2014) (Chandana, 2013) |
1. Information Technology Security Team
The Information Technology Security Team manages the technological components of the organization, such as the network, software, websites, and systems. Ensures that both physical and electronic data are protected.
2. Information Security Team
The Information Security Team develops security policies to ensure that the technological aspects of the organization are protected. The main focus is on the confidentiality, integrity, and availability (CIA) of the data for the organization. Involves data found in both physical and electronic forms.
3. Cyber Security Team
The Cyber Security Team is responsible for developing the mitigation measures to protect the organization from cyber security attacks and response measures for the effective recovery of technological infrastructures should the organization fall into a cyber security attack.
5.5.1 Cyber Security Specific Scope | 5.6 Scenario Development | 5.7.1 BCM Team Structure for CIR | 5.7.2 Cyber Security Team Structure |
5.8 BCM and Cyber Security Framework | 5.9 Relationships Between the BCM & CIR Structures | 5.10.1 Relook at Existing Structure and Initiatives | |
Competency-based Course |
Certification Course | ||
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 5 Project Management 5.7.2 Cyber Security Team Structure
Note: This version was the draft 2nd Edition being updated in 2022. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.