The Security Role Cluster plays an important role in nearly all IT activities, especially in e-business. An information system with a weak security foundation eventually will experience a security breach. Depending on the information system and the severity of the breach, the results could vary from embarrassment, to loss of data, to loss of revenue, to loss of life.
The primary goals of the Security Role Cluster are to ensure:
- Data confidentiality - No one should be able to view data if not authorized.
- Data integrity - All authorized users should feel confident that the data presented to them is accurate and not
- Data availability - Authorized users should be able to access the data they need, when they need it.
Security specialists in this role focus not only on the technical intricacies of protecting the corporate network, but also on the business policies and practices for such things as company e-mail, remote access usage, permissions on sensitive corporate financial and human resource data, and issues as specific as maintaining the confidentiality of the organization's employee phone listing.
Information security architecture bridges the gap between platform-specific security measures and corporate business process and policy directives. One example of security's role in business processes is defining and implementing exit procedures for employees leaving the company. When an employee leaves the company, the risk to the corporation is especially high and needs to be managed, particularly when the company's business is intellectual property, which is more difficult to track.
The Security Role Cluster contributes to both enterprise IT and business unit IT activities. This role cluster is also integral in working with the Infrastructure Role Cluster in evaluating security-related system and automation tools such as third-party intrusion-detection systems.
Another responsibility of the Security Role Cluster is creation of a comprehensive plan for the audit, retention, classification, and secure disposal of data. Legal, financial, and historical data needs to be safely stored for appropriate periods of time as defined by law, the industry, and the organization. This requires implementing an efficient backup and retrieval process in the operations role. Noncritical data should be disposed of to minimize storage costs. Physical security, as it relates to data, assures secure telephone and data connections and physical access to assets, as well as secure connections to business partners, joint ventures, and new acquisitions. Exposures related to weak physical security give intruders easy access. For related risk management information and guidance, please review the MOF Risk Management Discipline for Operations document, which is available at Microsoft Operations Framework (MOF).
Key responsibilities of the Security Role Cluster include:
- Helping to monitor the correct operations of IT
- Detecting intrusions and protecting against viruses.
- Providing denial-of-service protection.
- Defining policies for data retention and secure data
- Performing audit tracking and reporting.
- Providing effective network domain security design and
- Testing and implementing strategic security
- Monitoring and assessing network vulnerability.
- Providing fast, real-time network intrusion response.
- Managing Public Key Infrastructure (PKI) technology
- Managing Internet Protocol (IP) security requirements.
- Managing authentication and access methods
- Managing user-policy usage and requirements (such as a password
- Managing external and physical security requirements (such as access to computer rooms).
- Managing secure messaging requirements.
- Providing ongoing technical support and subject matter expertise for security initiatives within the company.
Key skills required of the Security Role Cluster include:
- Understanding of security policies and ability to review them
- Understanding of business areas and the type of data they deal with in order to improve security.
- Ability to set up shared areas on various servers.
- In-depth understanding of the security model of the company's
- Extensive knowledge of networking. Understanding of viruses and
- Ability to balance security issues against productivity issues to ensure that neither is lowered greatly by security
- Ability to set up security profiles for different groups of
- Ability to educate and inform employees about security
- Ability to work and consult with other IT groups when security
- Understanding of the methods of securing data and files, such as authentication and encryption, and products that enable and improve these methods.
- Ability to work with vendors offering security solutions in order to evaluate product offerings.
- Ability to monitor security risks, such as outgoing employees, to help maintain security.
- Ability to conduct security audits.