
Reporting Personas

Owing to the requirements imposed by their job roles, each management level and employee within the organisational structure needs to look at a cross-section of information at a different level of detail. That information is derived from the same underlying dataset but represented differently to suit those needs.

The Board

Depending on the size of the organisation, the board usually operates at the highest level and is focused on effective governance.

Scope

A holistic overview of the state of the organisation from the perspective of governance best practices.

Key Roles

The following roles usually sit within this group:

  • Board Members

Key Questions

The following are some of the questions this group is interested in answering:

  • Could there be any visible or hidden bad lingering within the cyber estate?
  • Are we appropriately staffed in numbers and skills?
  • Do we know what we don’t know? Another way of asking this question is to ask about the known gaps in the organisational security posture.
  • What should keep us awake at night?
  • How well equipped are we to maintain our stance against the ever-evolving threat landscape?
  • How can we use our influence to get you the right level of required support?

Focus Areas

The key focus areas for this group usually are:

  • Awareness of hotspots within the organisation locally and globally, depending on the nature of the business.
  • A high-level view of contextually relevant Threat Intelligence and the likely impact on the business of a particular threat, if one is in question.
  • Enterprise Risks and how they are addressed by Cybersecurity strategy.
  • Brand reputation.

Executive Management

This group is responsible for contributing to and executing on the strategic vision of the organisation to successfully deliver agreed business objectives, whether they are to achieve certain financial metrics or provide not-for-profit outcomes.

Scope

The interest of this group is to ensure the organisational security posture remains aligned to the strategic business objective and to avoid any disruptions.

The senior executive management group is usually spread at a global, regional and local level depending on the organisational requirements and structure in place.

Key Roles

The following roles usually sit within this group:

  • Chief Executive Officer (CEO)
  • Chief Information Officer (CIO)
  • Chief Information Security Officer (CISO)
  • Chief Risk Officer (CRO)

Key Questions

The following are some of the questions this group is interested in, and for which it challenges the relevant business leaders to find satisfactory, fact-based answers:

  • Are we secured against the most likely cyber threats to our business?
  • Are we achieving the promised Return-on-Investment (ROI) on security spend?
  • Are we aware of our data assets and our responsibility towards them, and are the necessary safeguards in place to ensure they are not subjected to unnecessary exposure?
  • What can we do to help?

Focus Areas

The key focus areas for this group usually are:

  • Implementation of cyber controls in line with the requirements mandated by the Enterprise Risk Management framework.
  • Overview of organisational Threat Profile.
  • Status update on large investment projects in cyber, e.g. enterprise-wide cloud-first rollout and corresponding security requirements.
  • Any ongoing P1-level incidents.
  • State of affairs with regard to Defense-in-depth and the investments required to plug any gaps.

Middle Management

This group is responsible for the performance of their regions or business units.

Scope

The scope includes situational awareness from a security perspective at the regional and business unit level, making sure they are able to meet corporate objectives.

Key Roles

The following roles usually sit within this group:

  • Regional Chief Information Security Officer (Regional CISO)
  • Regional Risk Officer (RRO)
  • Regional Executive Team

Key Questions

The following are some of the questions this group is interested in:

  • Is my business unit/region appropriately funded to maintain a secure posture?
  • Are appropriate Business Continuity and Disaster Recovery Plans in place and regularly tested?
  • Are relevant investments made in the cybersecurity posture?
  • Are our processes compliant with local and any other applicable regulations?
  • How is the threat posture evolving in line with the advancement in technology?

Focus Areas

The key focus areas for this group usually are:

  • Overview of corresponding Threat-based Situational Awareness for their region and/or business unit.
  • Understanding of how risk profile changes across various parts of their business.
  • Visibility and understanding of common threats, attack vectors and threat actors that are prevalent in their region or aiming at their specific organisation and/or business unit.
  • Visibility into P1 incidents, especially those which are cross-regional.
  • Understanding of strengths and weaknesses to appropriately maintain the required security controls.

Operational Management

This group is concerned with the daily operations of the security organisation. Most of the monitoring roles are concentrated within the Security Operations Centre (SOC), but they are equally spread out into other functions outside it, such as Vulnerability Management, Infrastructure, Network Operations Centre (NOC), Compliance, Risk Management, etc.

Scope

The scope for this group is to maintain operations on a daily basis.

Key Roles

The following roles usually sit within this group:

  • Security Operations Centre (SOC) Manager
  • Security Operations Centre (SOC) Team Leads
  • Compliance Team

Key Questions

The following are some of the questions this group is interested in:

  • Does our monitoring capability align with our organisational goals?
  • Does our Incident Response capability support our intended and stated objectives?
  • Do we continue to be appropriately staffed to address our present and future requirements?
  • Are we documenting trends and lessons learned?
  • Is there any bad in our estate?
  • Are we keeping our knowledgebase and skillset current?
  • Have we established, and do we keep current, all required channels, within and outside the organisation, to appropriately deal with any incident?

Focus Areas

The key focus areas for this group usually are:

  • Validation of effectiveness, e.g. through Purple Team exercises
  • Incident trending
  • Workload Management
  • Capacity Management
  • Staff Upskilling/Training
  • Threat Landscape