How to Do It: Organise the Work in “Baby Steps”

Partida, Alberto; Andina, Diego

doi:10.1007/978-90-481-8882-6_5

Alberto Partida GIAC, CEH, CISSP, CISA, CGEIT, MBA³ &
Diego Andina⁴

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 61))

1319 Accesses

Abstract

We have introduced in the first three chapters the basic concepts of risk management (Chapter 1), the profiles of the IT security team (Chapter 2) and the contract between the security team and the individual (Chapter 3). Chapter 4 has provided details on the activities to perform and the way they can be justified, prioritised and distributed within the team. Chapter 5 provides leads on how to perform IT security activities and on how to organise actions so that the IT security team can fulfil their mandate.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 16.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Hardcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Additional input on stress in Chapter 6.
2.
Eduard Punset interviews Professor Gary Marcus, psychologist at New York University. http://www.smartplanet.es/redesblog/?p=460. Last accessed 20-09-2009.
3.
Machiavelli published in 1532 “The Prince”. A treaty on how to most successfully obtain and maintain power.
4.
To provide IT security expertise, see Section 1.19.
5.
A “tweet” is a posting on tweeter, a micro-blogging service.
6.
See Section 3.6.
7.
See Section 4.7.
8.
Unless the IT security team are monitoring devices real time.
9.
See Section 3.13.
10.
This is a project management acronym for specific, measurable, achievable, relevant and timely objectives.
11.
Lateral thinking is a term coined by Edward De Bono in a book published in 1970 with the same title. ISBN 0-14-021978-1.
12.
See Section 4.7 for a collection of potential sources of activities for the team.
13.
See Section 3.5.
14.
See Sections 4.8 and 4.9.
15.
See Section 3.3.
16.
The concept of tool we use here is very broad: It ranges from hardware or software equipment to training measures such as on-the-job training, access to specialised fora or collaboration with experts on specific topics.
17.
Giuliani (2002), p. Contents.
18.
See Section 4.7.
19.
See Section 4.7.
20.
In organisations with a strong strategic alignment.
21.
See Section 5.1.
22.
Team members could use unavoidable waiting times to prepare the start of a new step.
23.
See Sections 2.6 and 5.2.
24.
Should that not be the case, then it is the IT security team members’ task to raise their interest (see Chapters 7 and 8).
25.
See Chapter 8.
26.
See Section 1.20.
27.
See Chapter 7.
28.
See Chapter 7.
29.
Two examples:
- IT security teams taking over firewall management activities.
- Proposing new and more secure (but less comfortable) ways to work with privileged system accounts
.
30.
We include security as an essential part of the quality package.
31.
Maybe it could also be aiming at collaborating with local communities.
32.
For example, to warn all users about a potential piece of malware they could receive in their mailboxes.
33.
For example, a basic web-based forum or collaboration tool.
34.
There is also a problem related to the size of the team: If the team consists of more than, e.g. eight members, then each mini-team will do its own gathering and afterwards representatives of all mini-teams will have a collective meeting.
35.
Regardless of the means that IT security leaders use to communicate these “mini assignments”, be it e-mail, a phone call or a face-to-face conversation.
36.
Chapter 7 deals with communication and marketing strategies.

References

Giuliani, R.: Leadership (Contents). Little Brown, London (2002)
Google Scholar
Harding, S., Long, T.: MBA Management Models. Gover, England, pp. 84, 181 and 187 for Chapter 1, pp. 105–108 and 109–112 for Chapter 2, pp. 161–163, 197–199, 59–63 and 73–76 for Chapter 4, pp. 17–20 and 21–24 for Chapter 5, pp. 101–103 and 121–124 for Chapter 6, pp. and 191–194 and 95–98 for Chapter 8, pp. 149–153 and 169–172 for Chapter 9 and pp. 211–214 and 173–176 for Chapter 10 (1998)
Google Scholar

Download references

Author information

Authors and Affiliations

Technical University of Madrid Universidad Politécnica de Madrid (UPM), Madrid, Spain
Alberto Partida GIAC, CEH, CISSP, CISA, CGEIT, MBA (Information Security Expert)
Grupo de Automatización en Señal y Comunicaciones, Technical University of Madrid Universidad Politécnica de Madrid (UPM), Madrid, Spain
Diego Andina

Authors

Alberto Partida GIAC, CEH, CISSP, CISA, CGEIT, MBA
View author publications
You can also search for this author in PubMed Google Scholar
Diego Andina
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alberto Partida GIAC, CEH, CISSP, CISA, CGEIT, MBA .

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Partida, A., Andina, D. (2010). How to Do It: Organise the Work in “Baby Steps”. In: IT Security Management. Lecture Notes in Electrical Engineering, vol 61. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-8882-6_5

Download citation

DOI: https://doi.org/10.1007/978-90-481-8882-6_5
Published: 07 April 2010
Publisher Name: Springer, Dordrecht
Print ISBN: 978-90-481-8881-9
Online ISBN: 978-90-481-8882-6
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics