nanog mailing list archives
Re: Security team objectives
From: Royce Williams <royce () techsolvency com>
Date: Sun, 29 Jul 2018 21:12:26 -0800
On Sun, Jul 29, 2018 at 8:58 PM <valdis.kletnieks () vt edu> wrote:
On Mon, 30 Jul 2018 06:43:35 +0200, Ramy Hashish said:If you are going to start a security team in a newly founded IT organization, what will the objectives/results be?The answer will depend heavily on the organization that contains the IT group. The right answers will be different for a bank, an ISP, a Fortune500, or a large university. The location (country and state/province) and legal requirements for the company will also matter - I have to worry about FERPA, Comcast probably doesn't...
Nevertheless, some broad common objectives exist. IMO, no one summarizes it better than Richard Bejtlich, in his "Defensible Network Architecture 2.0": https://taosecurity.blogspot.com/2008/01/defensible-network-architecture-20.html The corresponding metrics for measuring results/progress would be more specific to the type of org. Royce Royce
Current thread:
- Security team objectives Ramy Hashish (Jul 29)
- Re: Security team objectives valdis . kletnieks (Jul 29)
- Re: Security team objectives Royce Williams (Jul 29)
- Re: Security team objectives Ramy Hashish (Jul 29)
- Re: Security team objectives William Herrin (Jul 31)
- <Possible follow-ups>
- Re: Security team objectives John Kristoff (Jul 30)
- RE: Security team objectives Hiers, David (Jul 31)
- Re: Security team objectives Scott Weeks (Jul 30)
- Re: Security team objectives valdis . kletnieks (Jul 29)