CIR Team: Team Composition

Written by Moh Heng Goh | Nov 13, 2022 7:53:53 AM

CIR Team

Team Composition Managing Cybersecurity

After coverage of the respective teams has been determined, the organization now has to identify each team's makeup. A team consists of personnel with varying skill sets coming together to achieve a common objective – in this case, an organization secures itself from cyber security threats.

The team will have their strengths compounded with each other and their weaknesses erased through cooperation. Hence, a team should consist of employees capable of both coordination and unity to achieve a goal.

The full explanation for each team will be elaborated in the following table, “Roles & Responsibilities.”

Team Composition	InfoSec	IT Sec	CS
“Red”; “Blue”; and “Purple” (Miessler, 2017)	✓	-	-
IT Security Team: Chairperson/Leader; Representatives from different business units; Analysts; Engineers; Technicians (Tripwire, 2014)	-	✓	-
“Netter”, “Defender”, “Healer”, “Leader”, “Fusor”, “Cryptor”, “Scrivener”, and “Coder.” (Stern, 2013)	-	-	✓
Report to Chief Information Security Officer (CISO) *	✓	✓	✓

Figure 1: Types of Teams and their Composition

The *Chief Information Security Officer (Ogden, 2014) or CISO is responsible for IT (cyber) security management. This covers the management of network, information, and cyber security attacks.

He/ She develops the organization’s cyber security program. He/ She needs to earn respect and be assertive to ensure authority is gained for the smooth development of the cyber security program.

Roles and Responsibilities

The composition of each team has been established and identified. Therefore, it is timely that the respective roles and responsibilities (Brenner, 2013) be allocated to each team member.

Overburdening a single member with too many responsibilities is always dangerous, and the roles and responsibilities must be spread out. In summary, an effective cybersecurity program should be managed as a constant, ongoing process, and different members must take up different roles to ensure that the program stays effective.

Concerning the three teams, as highlighted in Figure 1, the detailed roles and responsibilities are as appended in Figure 2.

Roles & Responsibilities	Info Sec	IT Sec	CS
Red Team
Bring in external entities to test the effectiveness of the security program. Emulate techniques and behaviour of attackers.	✓	-	-
Blue Team
Defend attacks from Red Team and actual cyber criminals. Differ from standard security teams due to having a mentality of constant vigilance against attack.	✓	-	-
Purple Team
Maximize the effectiveness of both teams. Integrate defensive tactics and controls from Blue Team with threats and vulnerabilities identified by Red Team. Deploy Purple Team is unnecessary if the Red Team performs its duties correctly. Find ways to improve the Blue Team(Miessler, 2017)	✓	-	-
IT Security Team
Protect IT systems (software/ hardware/ applications/ network). Keep information assets, customer data, financial information, and other critical IT information secure. Manage access controls; only allowing access to information to users based on necessity and identity. Create security devices/ software to protect information. Utilize a network system to manage security measures. Inspect system and network processes for security updates regularly. Audit security and safety measures and strategies. (Chandana, 2013)	-	✓	-
Netter
Make the organization’s network secure and reliable. Expert in determining the norm network behaviour and detecting anomalies. Have an absolute understanding of networks and connected devices.	-	-	✓
Defender
is responsible for the mitigation measures. Defend all aspects of the organization from potential cyber security attacks. Has the highest privilege user account (configuration control). Understand the impacts on business functions.	-	-	✓
Healer
Is responsible for response measures. If the “Defender” cannot mitigate the cyber security attack, Attempt to resolve the issue without suffering huge impacts.	-	-	✓
Leader
Assign someone in charge that is accountable for the actions of the team. Provide a clear understanding of relevant business functions/ processes supported by IT infrastructure. Coordinate activities performed by the team to achieve the most significant effect.	-	-	✓
Fusor
Provide intelligence support through gathering information regarding cyber security threats to the organization. Use knowledge of business processes to build intelligent products while specific threat types on supporting infrastructure are identified.	-	-	✓
Cryptor
Is responsible for preventing unauthorized access to the technological infrastructure.	-	-	✓
Scrivener
Describe a patient, persistent and detailed oriented person responsible for documentation so the organization meets regulatory requirements.	-	-	✓
Coder
Responsible for testing the security measures implemented due to expertise in software coding. (Stern, 2013)	-	-	✓

Figure 2: Roles and Responsibilities for the Type of Teams

Roles and Responsibilities for the Three Teams

Though Figure 2 shows the differences (Brenner, 2013) between the respective team, these are the typical roles and responsibilities (Hunt, 2015) for the three teams.

Manage risk management;
Identify cyber security threats that affect their business operations;
Establish the vulnerabilities that the organization has that allow cybercriminals to exploit; and
Develop countermeasures to either eliminate/reduce the vulnerabilities or the threat itself.

Related Concept to Cybersecurity Coverage by IT Teams

Type of Coverage by IT Team	Team Composition	Maintain Strong Cybersecurity Processes and Functions	Skill Sets and Long-Term Challenges	Back To: Team Handling CIR

Do You Want to Continue BCM Training onsite or online?

Competency-based Course		Certification Course

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 3 What Are the Typical IT Teams Handling Security for IT? 3.3 Team Composition and 3.4 Roles and Responsibilities

Note: This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.

View full post