Information security inside an organization looks like a football game. Each person has a different role and responsibility, but everyone shares a common goal: securing the organization's data and information, from the technical level to the strategic level.
We can map the roles that exist in football to each member of the IT security team:
- The goalkeeper and defenders are the sysadmin and infrastructure network team, protecting the assets at all costs. Their solid defense comes not only from their skills and knowledge, but also from the support of tools like firewalls, SIEM, etc.
- The midfielders are the ones who balance the team. Their position is vital to maintaining the gameplay. They can be in a backward position at one time and in a forward position at another. They go by the names Information Security Officer, Internal Risk Management Division, and Compliance Division.
- The strikers are the ones who play the offensive part. They are the Information Security Consultant and the Pentester. Their sole purpose is to penetrate the foe and score a goal.
- The coach is top management. They oversee the game and take responsibility for every result. They boost morale, guide the team, and decide which tactic should be used in the game.
- The tactic is like an information-security framework. The framework manages the position and task of each person in the team. It is also used to decide the process when the game is on: going defensive, going offensive, or fortifying the middle position to maintain the balance. Every tactic has advantages and disadvantages.
- Last but not least, the supporters. They are the stakeholders who have interests in and concerns about the organization. They support the team so that it succeeds in running the business processes inside the organization.
Thanks to:
@AdyWikradinata
@dvnrcy