2.1 Introduction to Security Within the Organization

What regulations do we need to comply with?

What assets are most important?

What controls do we need to implement?

What is adequate protection?

Government

Governance

Green

Gallagher

Random

Rating Framework

Risk Management

Recursive

Compliance

Complete

Calculated

Champion

Cost of the asset after depreciation

How much customer data is lost if security is breached

How many people would be disrupted if the asset was unavailable?

How important is this asset to the company's profits?

The board of investors represents the interests of shareholders in a company

The CEO is the highest role and does not report to anyone

The CFO means Chief Financial Officer and reports to the CEO

Some organizations only have a CISO. In this case, the CISO serves both CISO and CIO roles

Safety Operations Command

Security Officer in Charge

Safety Officer in Charge

Security Operations Center

Miscommunication

Services

Backflow

Single Point of Failure

Shallow Security

A cybersecurity approach that uses multiple layers of security

To run military drills very deep under water

To store PII in a hidden location in the system

A newly created cybersecurity field that defends the critical underwater infrastructure between countries

Have multiple methods of protection for a given asset

To switch up paradigms of cybersecurity defence between systems

To monitor the types of attackers attempting to enter the system

To monitor and control the type of people we have on the SOC team