How can I categorize?
How can I organize?
How can I group the information security functions/tasks or responsibilities?
At the moment, in my organization there are three departments relevant to information security, all belonging to the IT sector:
1- Security Operations technical systems (firewall, antivirus, mail security, pentest, patch management)
2- Business Continuity (IT service continuity, BCM, BIA, ISO 22301)
3- IT Governance (ITIL, policies and procedures, ISO 27001, auditing)
Top management has directed me to create a new department outside the IT sector which reports to the CEO directly. Its name will be Cyber Security, and it is intended to be independent in order to ensure that everything related to information security matters is fine and works properly and adequately.
What roles (functions) should be handled by this new department, Cyber Security?
In other words, what are the tasks that have to be moved from the three sections (above) to the new department?
Typically, what are all the information security functions (areas) that any enterprise has to ensure are covered and in place? Then I can organize and match every function to the relevant section of the four:
1- Cyber Security section (outside IT sector)
2- IT Governance section (inside IT sector)
3- IT Security Operations section (inside IT sector)
4- Business Continuity section (inside IT sector)
I hope my issue is clear :)