Security Operations in Practice by Mike Sheward

If I were to provide a generalised summary of the typical life cycle of a corporate security team, it would probably look something like this: The genesis is a customer requirement to meet or prove compliance with a particular information security standard. The company responds by selecting or hiring a person to lead the effort of understanding and applying the standard to the business via a series of written policies. That person is more often than not less technical, and typically from a financial, legal or IT leadership background. They might be the sole person with ‘information security’ responsibility for some time, and during that period they rely heavily on partners in other teams to actually ...