Our current information security organization needs revamping. We have a bunch of different products we use, processes defined, but generally disorganized. We are not doing anything in terms of security strategy. We now have budget to expand resources and want to set ourselves up "properly" in terms of an organizational model. I have looked into SABSA, NIST, as well as ISO but none really connect the theoretical with the practical. Does anyone have recommendations starting with a VP/Director of security on down? This would be for a general corporation (e.g. financial services). We need to cover things like operations (keeping the monitoring processes running), forensics/investigations, and keeping all the products we use updated as well as minor development to automate things here and there.
Can anyone point me in a good direction? In addition, with that org chart, it would be nice to be able to figure out how each branch would "hand off" to one another -- how they all play together.