CIR Team
Team Composition Managing Cybersecurity
After the coverage of the respective teams has been determined, the organization has to identify each team's makeup. A team consists of personnel with varying skill sets coming together to achieve a common objective – in this case, securing the organization against cyber security threats.
The team will have their strengths compounded with each other and their weaknesses erased through cooperation. Hence, a team should consist of employees capable of both coordination and unity to achieve a goal.
The full explanation for each team will be elaborated in the following table, “Roles & Responsibilities.”
| Team Composition | InfoSec | IT Sec | CS |
|---|---|---|---|
| “Red”; “Blue”; and “Purple” (Miessler, 2017) | ✓ | - | - |
| IT Security Team: Chairperson/Leader; Representatives from different business units; Analysts; Engineers; Technicians (Tripwire, 2014) | - | ✓ | - |
| “Netter”, “Defender”, “Healer”, “Leader”, “Fusor”, “Cryptor”, “Scrivener”, and “Coder.” (Stern, 2013) | - | - | ✓ |
| Report to Chief Information Security Officer (CISO) * | ✓ | ✓ | ✓ |
Figure 1: Types of Teams and their Composition
The *Chief Information Security Officer (Ogden, 2014) or CISO is responsible for IT (cyber) security management. This covers the management of network, information, and cyber security attacks.
He/She develops the organization’s cyber security program. He/She needs to earn respect and be assertive to ensure authority is gained for the smooth development of the cyber security program.
Roles and Responsibilities
The composition of each team has been established and identified. Therefore, it is timely that the respective roles and responsibilities (Brenner, 2013) be allocated to each team member.
Overburdening a single member with too many responsibilities is always dangerous, and the roles and responsibilities must be spread out. In summary, an effective cybersecurity program should be managed as a constant, ongoing process, and different members must take up different roles to ensure that the program stays effective.
Concerning the three teams, as highlighted in Figure 1, the detailed roles and responsibilities are as appended in Figure 2.
| Roles & Responsibilities | Info Sec | IT Sec | CS |
|---|---|---|---|
| Red Team | ✓ | - | - |
| Blue Team | ✓ | - | - |
| Purple Team | ✓ | - | - |
| IT Security Team | - | ✓ | - |
| Netter | - | - | ✓ |
| Defender | - | - | ✓ |
| Healer: If the “Defender” cannot mitigate the cyber security attack, | - | - | ✓ |
| Leader | - | - | ✓ |
| Fusor | - | - | ✓ |
| Cryptor | - | - | ✓ |
| Scrivener | - | - | ✓ |
| Coder | - | - | ✓ |
Figure 2: Roles and Responsibilities for the Type of Teams
Roles and Responsibilities for the Three Teams
Though Figure 2 shows the differences (Brenner, 2013) between the respective teams, the following are the typical roles and responsibilities (Hunt, 2015) for the three teams:
- Carry out risk management;
- Identify cyber security threats that affect their business operations;
- Establish the vulnerabilities in the organization that cybercriminals can exploit; and
- Develop countermeasures to eliminate or reduce either the vulnerabilities or the threat itself.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 3 What Are the Typical IT Teams Handling Security for IT? 3.3 Team Composition and 3.4 Roles and Responsibilities
Note: This version was the draft 2nd Edition being updated in 2023. The numbers in square brackets [X-X] cross-refer to the actual chapter and section in the 1st Edition.