Many organizations still do not have dedicated information security staff, although that is rapidly changing. Depending on the size of an organization, there could be a single employee who is responsible for maintaining and enhancing the organization’s security posture. This would also include basic operations, security checks, and user education and training, among many other responsibilities. This is typical of small organizations that do not have the resources necessary to stand up a full team of information security professionals. Larger organizations are typically better equipped to establish and maintain a dedicated information security staff. As you will see throughout this module, security professionals are often not embedded within an organization’s IT department.

For your initial post, consider the benefits of having dedicated roles within a security team versus having individual employees who must be jacks of all trades when it comes to improving an organization’s information security posture. Should you reference any internal or external resource, remember to cite your sources appropriately.

In your initial post, address the following:

• What are the advantages and disadvantages of having a dedicated security team?
• Select a role that was noted in the module resources that is of interest to you. If you are aware of other information security roles that were not discussed in the module resources, be sure to find a reference and cite it within your post.
• Explain your selected role and how that role supports and enhances security posture within an organization.

 

Discussion: Roles and Responsibilities

            A dedicated information security team within an organization handles multiple security tasks. These range from the data library of all the records, maintaining servers, preventing attacks, detecting and recovering information lost, and other needs. These are individuals whose skills range from internet experts to localized information handling. They all merge their skills to counter the many challenges that come with information breaches. A large team achieves security improvements by delegating duties to different individuals and making it easier to handle dedicated tasks, taking little time, and remaining effective. The disadvantage is the enormous costs of maintaining the team, salaries, and the multiple resources needed to achieve all the objectives. Additionally, trust issues arise, and the team may commit mistakes that no individual would wish to account for. Every firm chooses the best option based on its needs, size, and available resources.

One of the roles chosen is a security analyst, which detects the potential dangers of the company and the organization. According to George Washington University (n.d), these include the vulnerable machines, programs, activities that could expose the entire information handled by the company to manipulation and misuse. Sometimes such information may relate to clients, leading to severe data breaches and subject the organization to legal cases or painful fines. The role of a security analyst is not only to detect the problems but to identify the solutions the firm can take to curb the impending dangers. Their advice may include the tests of the available resolutions and being part of the execution plan. The support this role offers to the firm is to either solve and prevent more security breaches that a firm may have in the evolving world of information and data used by firms. Overall, an organization must choose the best approach to handling information security by the best strategies that suit their needs and affordability.