One week into your new job as the CISO and your Information Security department just failed an
Question:
One week into your new job as the CISO and your Information Security department just failed an external audit! Jeesh! Your organization (dental claims adjudication) just had a regulatory exam, which was riddled with information technology issues. The biggest issue they noted was the need to implement a fully operable Security Operations Center within 12 months. Here is the detail:
Your boss (CIO) just approved a 2 million dollar budget to assist you with your remediation efforts. You have five employees now consisting of the following team members:
- 1 InfoSec Manager
- 2 InfoSec Analysts
- 1 Problem/Incident Manager
- 1 Security Engineer
- 1 Access Analyst
You have to assess about 1 million events each month with 150 agents on systems inclusive of Firewalls, DNS, Web Proxies, Databases, Hosts, IDS/IPS, Scanning Tools, Malware/AV, etc. Your mission, should you choose to accept it (you should accept it for a good grade) is to build an end-to-end Security Operations Center in 1 year from scratch.
- What the Ongoing Budget Spend will be in Year 2 and 3 After Implementation and ROI.
Business Communication Essentials a skill based approach
ISBN: 978-0132971324
6th edition
Authors: Courtland L. Bovee, John V. Thill