Assessing the performance of your security team is critical to both knowing your current posture, as well as planning ahead.
‘The Ultimate 2019 Security Team Assessment Template‘ is the first attempt to capture all the main KPIs of the security team main pillars, saving CIOs and CISOs the time and effort of creating such an assessment from scratch and providing them with a simple and easy-to-use tool to measure how their teams are operated in 2019, while setting up performance targets for 2020.
Building such a template is challenging because security teams vary greatly in size and internal responsibility distribution.
Additionally, there is little consistency in the terms used to designate the various positions across the industry – security analyst, for example, could have one meaning in a certain company and different one in another. The same goes for architects, managers, and directors.
The Security Team Assessment Template (download here) addresses this challenge by focusing on functionality. The two main pillars of the security team are A) ensuring that sufficient security products are deployed and B) making the best out of these products to maximize prevention, detection, and response capability.
The template covers the following security roles and responsibilities:
1) Security Architect — responsible for designing, building, testing, and implementing security systems within an organization’s IT network for the protection of both business and customer data.
A Security Architect is expected to have a thorough understanding of complex IT systems and stay up-to-date on the latest security standards, systems, and authentication protocols, as well as best practice security products.
2) Security Analyst Tier 1 — The Tier 1 Security Analyst is tasked with the initial triage and classification of security events at the ground level, supporting a 24x7x365 Security Operations Center.
The role follows standard operating procedures for detecting, classifying, and reporting incidents under the supervision of the SOC Manager and in partnership with Tier 2 SOC Analysts.
3) Security Analyst Tier 2 — tasked with conducting the technical aspects of response operation for critical events, escalated by the tier 1 analyst.
This includes immediate containment, investigation, management of remediation actions, as well and enhancing defenses, with the new knowledge acquired throughout the response process.
4) Security Analyst Tier 3 — tasked with the proactive discovery of undetected threats through ongoing monitoring of the environment for vulnerabilities and searching for the threats that can abuse it.
Additionally, the tier 3 analyst conducts Threat Hunting based on IOCs from threat intelligence feeds and delivers real-time visibility into the environment’s actual security posture with proactive penetration tests.
5) SOC Manager — responsible for establishing and overseeing the workflows of security event monitoring, management, and response.
Additionally, they are also responsible for ensuring compliance with SLA, process adherence, and process improvisation to achieve operational objectives.
6) Director of Security — oversees all the security-related functionalities within the organization, covering compliance with relevant frameworks, purchase, deployment, and maintenance of security products, and breach protection workflows.
The Director of Security reports to the CIO and acts as the source of information for all cybersecurity-related aspects of the organization.
As stated before, functionality matters more than the title. It makes sense that, for example, certain organizations will have individuals that carry out both tier 1 and tier 2 analyst responsibilities, or that the same individual owns tasks that are divided in the template between Security Architect and SOC Manager.
In larger organizations, the Security Architect might have a team of dedicated individuals for the endpoint, network, and cloud security. The variations are endless, but the main pillars described above are for the large part common, so CISOs should have no trouble matching the templates’ detailed functionalities to their unique team structure.
With the Security Team Assessment Template, CISOs can either use it as-is or customize it to the roles and positions in their organizations, evaluate with each team member his/her 2019 performance, and set up KPIs for 2020. Additionally, the template serves as an ideal tool to continuously track and monitor the operations of the security team.
So, if the template fits your security team as is – great.
And if, as we anticipate, this is not the case for a large portion of our readers – simply cut and paste the different responsibilities and KPIs to match the specific structure of your security team.
Download ‘The Security Team Assessment Template‘ here.