Abstract
We have introduced in the first three chapters the basic concepts of risk management (Chapter 1), the profiles of the IT security team (Chapter 2) and the contract between the security team and the individual (Chapter 3). Chapter 4 has provided details on the activities to perform and the way they can be justified, prioritised and distributed within the team. Chapter 5 provides leads on how to perform IT security activities and on how to organise actions so that the IT security team can fulfil their mandate.
Notes
1. Additional input on stress in Chapter 6.
2. Eduard Punset interviews Professor Gary Marcus, psychologist at New York University. http://www.smartplanet.es/redesblog/?p=460. Last accessed 20-09-2009.
3. Machiavelli published “The Prince” in 1532, a treatise on how to most successfully obtain and maintain power.
4. To provide IT security expertise, see Section 1.19.
5. A “tweet” is a posting on Twitter, a micro-blogging service.
6. See Section 3.6.
7. See Section 4.7.
8. Unless the IT security team are monitoring devices in real time.
9. See Section 3.13.
10. This is a project management acronym for specific, measurable, achievable, relevant and timely objectives.
11. Lateral thinking is a term coined by Edward De Bono in a book published in 1970 with the same title. ISBN 0-14-021978-1.
12. See Section 4.7 for a collection of potential sources of activities for the team.
13. See Section 3.5.
14. See Sections 4.8 and 4.9.
15. See Section 3.3.
16. The concept of tool we use here is very broad: it ranges from hardware or software equipment to training measures such as on-the-job training, access to specialised fora or collaboration with experts on specific topics.
17. Giuliani (2002), p. Contents.
18. See Section 4.7.
19. See Section 4.7.
20. In organisations with a strong strategic alignment.
21. See Section 5.1.
22. Team members could use unavoidable waiting times to prepare the start of a new step.
23. See Sections 2.6 and 5.2.
24.
25. See Chapter 8.
26. See Section 1.20.
27. See Chapter 7.
28. See Chapter 7.
29. Two examples:
    - IT security teams taking over firewall management activities.
    - Proposing new and more secure (but less comfortable) ways to work with privileged system accounts.
30. We include security as an essential part of the quality package.
31. Maybe it could also be aiming at collaborating with local communities.
32. For example, to warn all users about a potential piece of malware they could receive in their mailboxes.
33. For example, a basic web-based forum or collaboration tool.
34. There is also a problem related to the size of the team: If the team consists of more than, e.g. eight members, then each mini-team will do its own gathering and afterwards representatives of all mini-teams will have a collective meeting.
35. Regardless of the means that IT security leaders use to communicate these “mini assignments”, be it e-mail, a phone call or a face-to-face conversation.
36. Chapter 7 deals with communication and marketing strategies.
References
Giuliani, R.: Leadership (Contents). Little Brown, London (2002)
Harding, S., Long, T.: MBA Management Models. Gower, England, pp. 84, 181 and 187 for Chapter 1, pp. 105–108 and 109–112 for Chapter 2, pp. 161–163, 197–199, 59–63 and 73–76 for Chapter 4, pp. 17–20 and 21–24 for Chapter 5, pp. 101–103 and 121–124 for Chapter 6, pp. and 191–194 and 95–98 for Chapter 8, pp. 149–153 and 169–172 for Chapter 9 and pp. 211–214 and 173–176 for Chapter 10 (1998)
© 2010 Springer Netherlands
About this chapter
Cite this chapter
Partida, A., Andina, D. (2010). How to Do It: Organise the Work in “Baby Steps”. In: IT Security Management. Lecture Notes in Electrical Engineering, vol 61. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-8882-6_5
DOI: https://doi.org/10.1007/978-90-481-8882-6_5
Publisher Name: Springer, Dordrecht
Print ISBN: 978-90-481-8881-9
Online ISBN: 978-90-481-8882-6
eBook Packages: Engineering, Engineering (R0)