In last week’s article on compliance in cybersecurity, we learned that IT departments are splitting into two teams, or two departments, to accommodate regulations: IT infrastructure and cybersecurity. The cybersecurity team must be separated from the traditional IT infrastructure team because nearly all regulations impose separation-of-duties requirements.
The primary goal of the cybersecurity team is to ensure compliance with the regulation’s security controls, which are broad cybersecurity tasks such as backing up systems or encrypting data at rest and in motion. The controls must be implemented, audited and reported on. The cybersecurity team often works in a separate physical location called a security operations center (SOC).
To view common security controls, check out National Institute of Standards and Technology (NIST) Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations.
However, the cybersecurity team is also breaking into two teams: cybersecurity operations and cybersecurity management. Although cybersecurity teams usually work together in the same physical location, team members conduct vastly different tasks.
Here is a general definition of the two types of tasks:
- Cybersecurity Operations: Analyst and technical hands-on tasks, including penetration testing, security analytics and forensics.
- Cybersecurity Management: Compliance oversight, auditing and management tasks.
To understand the tasks better, CompTIA spoke with a dozen cybersecurity professionals from Fortune 500 and defense companies over a two-month period. We asked them how their cybersecurity teams comply with regulations, and each company gave similar responses, regardless of which regulations it has to comply with.
What Does Cybersecurity Operations Do?
Most cybersecurity operations teams were created after the high-profile 2013 – 2014 cybersecurity attacks. The industry realized it needed to focus on 1) continuous security monitoring and 2) vulnerability assessment and management to prevent attacks. These skills are the fastest growing in cybersecurity and are covered in CompTIA Cybersecurity Analyst (CySA+) and CompTIA PenTest+.
Companies built new, separate SOC facilities to conduct these tasks. They outfitted them with software tools, such as security information and event management (SIEM) systems for continuous monitoring, and added vulnerability assessment and management software so that penetration testers could test systems for weaknesses.
The addition of SOCs lowered company risk because, for the first time, many companies had visibility into their networks. They inventoried the systems on the network, tested them for vulnerabilities and remediated what they found. Sometimes that meant patching; other times it meant quarantining and replacing infected systems. In the end, companies were more secure and could move forward with more confidence.
What Does Cybersecurity Management Do?
Cybersecurity management teams enforce regulatory compliance through oversight, auditing and management. They work closely with the cybersecurity operations and IT infrastructure teams to ensure compliance. The main regulatory oversight function is performed by the chief information security officer (CISO), who is ultimately responsible for the company’s regulatory compliance and works with both the board of directors and the cybersecurity team.
The two other main tasks are security auditing and management.
- Security auditing is the assessment of security controls; the auditor verifies that the controls are in place. For example, an auditor might audit the IT infrastructure team and verify that stored credit card numbers are encrypted.
- Security management focuses on managing people and tasks to ensure the various teams implement their assigned controls. For example, a manager would assign and track continuous security monitoring tasks in cooperation with the cybersecurity operations team, and would also follow up with the IT infrastructure team to make sure it carried out related security controls, such as backups.
Compliance and CompTIA Certifications
CompTIA certifications cover skills in all aspects of regulatory compliance: IT infrastructure, cybersecurity operations and cybersecurity management. CompTIA will continue to expand these skills in 2020:
- The new version of CompTIA Security+ (SY0-601), scheduled for release in November 2020, includes privacy standards that impact cloud security, how to perform systems and security administrator tasks in hybrid and heavily regulated environments, and why policy is the main hurdle.
- The new version of CompTIA Cybersecurity Analyst (CySA+) (CS0-002), scheduled for release in April 2020, includes an entire domain on compliance. CySA+ helps companies remain compliant through the continuous monitoring and reporting found in nearly all regulations.
- CompTIA PenTest+ covers penetration testing and vulnerability assessment and management skills to help companies become and remain PCI DSS compliant.
- CompTIA Advanced Security Practitioner (CASP+) covers governance and its relationship to security and enterprise network architecture. A security architect determines how to integrate security controls within existing network architecture.
In summary, most cybersecurity professionals will work under regulations. If you are not already familiar with compliance, you need to prepare yourself. Cybersecurity jobs are projected to grow much faster than average, in part because of regulations being placed on companies throughout the globe. Embrace the change.
Patrick Lane, M.Ed., is a Director of Product Management for CompTIA. He manages cybersecurity workforce skills certifications, including CompTIA Security+, PenTest+, Cybersecurity Analyst (CySA+) and CompTIA Advanced Security Practitioner (CASP+).
He assisted the U.S. National Cybersecurity Alliance (NCSA) and the Director of Cybersecurity Policy at the National Security Council (NSC) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a variety of IT projects as a network administrator, systems administrator, security analyst and security architect.
Patrick is a U.S. Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases. He has assisted the Defense Information Systems Agency (DISA) with scalable SIEM techniques from the private sector, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security (Syngress/Elsevier). Patrick holds CompTIA Network+, Security+, (ISC)2 CISSP and Microsoft MCSE certifications.