The Security Role Cluster plays an important role in nearly all IT activities, especially in e-business. An information system with a weak security foundation eventually will experience a security breach. Depending on the information system and the severity of the breach, the results could vary from embarrassment, to loss of data, to loss of revenue, to loss of life.
The primary goals of the Security Role Cluster are to ensure:
- Data confidentiality - No one should be able to view data if not authorized.
- Data integrity - All authorized users should feel confident that the data presented to them is accurate and not improperly modified.
- Data availability - Authorized users should be able to access the data they need, when they need it.
Security specialists in this role focus not only on the technical intricacies of protecting the corporate network, but also on the business policies and practices for such things as company e-mail, remote access usage, permissions on sensitive corporate financial and human resource data, and issues as specific as maintaining the confidentiality of the organization's employee phone listing.
Information security architecture bridges the gap between platform-specific security measures and corporate business process and policy directives. One example of security's role in business processes is defining and implementing exit procedures for employees leaving the company. When an employee leaves the company, the risk to the corporation is especially high and must be managed, particularly when the company's business is intellectual property, which is more difficult to track.
The Security Role Cluster contributes to both enterprise IT and business unit IT activities. This role cluster is also integral in working with the Infrastructure Role Cluster in evaluating security-related system and automation tools such as third-party intrusion-detection systems.
Another responsibility of the Security Role Cluster is the creation of a comprehensive plan for the audit, retention, classification, and secure disposal of data. Legal, financial, and historical data must be stored safely for appropriate periods of time as defined by law, the industry, and the organization. This requires implementing an efficient backup and retrieval process in the operations role. Noncritical data should be disposed of to minimize storage costs. Physical security, as it relates to data, covers secure telephone and data connections and physical access to assets, as well as secure connections to business partners, joint ventures, and new acquisitions. Weak physical security gives intruders easy access. For related risk management information and guidance, review the MOF Risk Management Discipline for Operations document, which is available at Microsoft Operations Framework (MOF).
Responsibilities
Key responsibilities of the Security Role Cluster include:
- Helping to monitor the correct operations of IT resources.
- Detecting intrusions and protecting against viruses.
- Providing denial-of-service protection.
- Defining policies for data retention and secure data disposal.
- Performing audit tracking and reporting.
- Providing effective network domain security design and management.
- Testing and implementing strategic security technology.
- Monitoring and assessing network vulnerability.
- Providing fast, real-time network intrusion response.
- Managing Public Key Infrastructure (PKI) technology requirements.
- Managing Internet Protocol (IP) security requirements.
- Managing authentication and access methods requirements.
- Managing user-policy usage and requirements (such as a password policy).
- Managing external and physical security requirements (such as access to computer rooms).
- Managing secure messaging requirements.
- Providing ongoing technical support and subject matter expertise for security initiatives within the company.
Competencies
Key skills required of the Security Role Cluster include:
- Understanding of security policies and ability to review them for completeness.
- Understanding of business areas and the type of data they deal with in order to improve security.
- Ability to set up shared areas on various servers.
- In-depth understanding of the security model of the company's operating platforms.
- Extensive knowledge of networking. Understanding of viruses and antivirus methods.
- Ability to balance security issues against productivity issues to ensure that neither is lowered greatly by security policies.
- Ability to set up security profiles for different groups of users.
- Ability to educate and inform employees about security procedures.
- Ability to work and consult with other IT groups when security questions arise.
- Understanding of the methods of securing data and files, such as authentication and encryption, and products that enable and improve these methods.
- Ability to work with vendors offering security solutions in order to evaluate product offerings.
- Ability to monitor security risks, such as outgoing employees, to help maintain security.
- Ability to conduct security audits.