Many organizations still do not have dedicated information security staff, although that is rapidly changing. Depending on the size of an organization, there could be a single employee who is responsible for maintaining and enhancing the organization’s security posture. This would also include basic operations, security checks, and user education and training, among many other responsibilities. This is typical of small organizations that do not have the resources necessary to stand up a full team of information security professionals. Larger organizations are typically better equipped to establish and maintain a dedicated information security staff. As you will see throughout this module, security professionals are often not embedded within an organization’s IT department.
For your initial post, consider the benefits of having dedicated roles within a security team versus having individual employees who must be jacks of all trades when it comes to improving an organization’s information security posture. Should you reference any internal or external resource, remember to cite your sources appropriately.
In your initial post, address the following:
- What are the advantages and disadvantages of having a dedicated security team?
- Select a role that was noted in the module resources that is of interest to you. If you are aware of other information security roles that were not discussed in the module resources, be sure to find a reference and cite it within your post.
- Explain your selected role and how that role supports and enhances security posture within an organization.
In response to two of your peers, build on each original poster’s claims, and answer the following:
- Do you believe that each of your peers’ selected roles would be a better fit for a small organization or a large one? Why?