Organizations large and small consist of multiple departments, all requiring cross-departmental and cross-functional collaboration to be successful. This concept is no different with security operations. Security Operations is no island and your team can’t secure everything by themselves. Cybersecurity is a team sport, and everyone needs to be involved. Your security operations team needs to collaborate with other groups and departments to understand priorities, goals, and objectives.
Major departments and other stakeholders – such as Information Technology (IT), Human Resources (HR), and the organization’s Board – are key partners in maintaining a successful SecOps program. Let’s walk through these key departments and stakeholders to understand how the security team should work with each to keep data secure.
Information Technology (IT)
Security Operations and IT often work hand-in-glove, with some small and mid-sized companies even combining IT and Security teams. Therefore, it is critical to communicate and meet regularly and align both teams’ priorities, even if it means you need to give and take a little with budgets and resources. Most importantly, make sure Security Operations and IT share common goals and that the teams partner up often to ensure efficient solution implementation.
Human Resources (HR)
Work closely with your HR team to make sure they understand any issues or needs your team may have. The cybersecurity workforce gap is a significant and real problem. Ensure your HR recruiting team promotes professional development opportunities in cybersecurity and understands how to appropriately set cybersecurity applicant qualifications.
Marketing can help the security operations team facilitate a culture of company-wide cooperation and support, just like they might with any company initiative. Don’t be afraid to leverage the broad communication skills of the marketing team to generate internal buzz for a new security product, feature, or cybersecurity training. Marketing can also help build cyber awareness through promotion and internal communications.
You must approach your organization’s board of directors differently than other departments. Boards tend to think ‘big picture;’ therefore, give them strategy and don’t weigh them down with tactics and minutiae.
Consider the following:
- Focus on the overall business impact and how security capabilities reduce corporate risk.
- Use your time with the board to discuss overall strategic initiatives and keep discussions about new gadgets to a minimum.
- When discussing security initiatives with your board, make sure to correlate the initiative to corporate goals and objectives—and be sure to align security risk to business risk.
- Be transparent and honest with the board—especially regarding security risks or the level of the organization’s security maturity.
- Describe to your board how your security operations activities mitigate business risks and contribute to overall business goals.
External groups require different collaboration and engagement approaches:
Customers and Clients—Customers and clients often need encouragement to take cybersecurity seriously. (This is also a good opportunity to leverage the marketing team for ideas on promoting cyber with customers and clients.)
Auditors & Regulators—You should communicate with auditors and regulators at least once a year and use their knowledge and expertise to obtain information and opinions on new laws and regulations.
Vendors, partners, and third parties—Vendors, partners, and third parties need to be held accountable for whatever security solutions and regulatory requirements are relevant to them. Supply chain attacks originating from third parties can have a devastating impact. Evaluate the security practices of all vendors and partners and consider creating supplemental agreements requiring vendor security audits and assessments. In addition, meet with your vendors and partners to find out:
- Which of your corporate networks does the vendor have access to?
- What data does the vendor have access to?
- What is the vendor doing with the information?
- What is the risk to your business if that vendor is breached?
- Does that vendor share your company data with any other external organizations?
Tracking activities and success
For effective collaboration, it is critical to set regular meeting schedules and track not only how often you meet, but what is discussed, action items, and outcomes of the collaboration. In addition, keep track of how many projects, releases, and ‘go live’ dates where someone from cyber is directly involved in conjunction with other teams. Finally, ensure that security issues are discussed when and where appropriate—for example at “all hands” meetings or during October’s annual Cyber Awareness Month.
Nobody knows an organization’s security like the Security Operations team. Therefore the team needs to ensure collaboration across the company when it comes to SecOps. A mature, cohesive SecOps program is increasingly important in today’s threat landscape, and the protections of SecOps cross all department barriers. Whether your organization has a small security team or a large one, ensure you collaborate with all departments to maximize security effectiveness and maximize your organization’s potential for success.
Interested in learning more about improving your security maturity and selecting an MDR provider to get started with? Download Deepwatch’s “MDR Buyer’s Guide”.
Deepwatch is a trusted security leader, offering professional and innovative managed security to help support security operations and stop breaches and attacks. Deepwatch’s managed detection and response services include 24/7/365 threat monitoring, alerting, validation, and proactive threat hunting, with accelerated detection of malware, botnets, and ransomware behavior aided by the industry’s most comprehensive and fastest platform built with machine learning and content libraries.