As the business grows, the organization may set up an official CSO role with more dedicated security functional teams such as a security management team, security testing, security engineering, security monitoring, and security services:

• Security management: The team defines the security guidelines, process, policies, templates, checklist, and requirements. The role of the security management team is the same as the one previously discussed in the Security office under a CTO section.
• Security testing: The team is performing in-house security testing before application release.
• Security engineering: The team provides a common security framework, architecture, SDK, and API for a development team to use.
• Security monitoring ...