8.1. Team building

8.1.1. Division of labor

• Department head

  • Responsible for the overall information security planning of the organization

  • Responsible for applying for resources to high-level communication

  • Responsible for coordinating and communicating with other departments of the organization

  • Jointly promote information security work

  • Responsible for information security team building

  • Responsible for emergency response to security incidents

  • Responsible for driving the implementation of the organization’s security plan

• Compliance Administrator

  • Responsible for the formulation of safety-related management systems and management processes, supervise the implementation, and revise and improve relevant systems and processes

  • Responsible for compliance inspection preparations, including liaison, promotion of inspection work, and reporting of inspection results, etc.

  • Responsible for liaising with external security related units

  • Responsible for safety awareness training, publicity and promotion

• safety technology manager

  • Overall technical planning and plans for business security protection

  • Understand organizational security technical deficiencies and be able to find ways to defend against them

  • Safety equipment operation and maintenance

  • Security hardening of servers and network infrastructure equipment

  • Investigate and analyze security incidents, and cooperate with regular preparation of security analysis reports

  • Pay attention to industry security events, track the latest vulnerability information, and conduct security inspections of business products

  • Responsible for the promotion of vulnerability repair work, tracking the resolution, and collecting problems

  • Learn about the latest security technology trends

• Penetration/Code Auditor

  • Conduct security assessment tests on the organization’s business website and business system

  • Provide solutions and remediation recommendations for vulnerability findings

• Safety equipment operation and maintenance personnel

  • Responsible for device configuration and policy modification

  • Responsible for assisting in the implementation of security policy modifications resulting from changes in other departments

• Safe development

  • Develop security aids or platforms based on organizational security needs

  • Participate in the development of security system requirements analysis, design, coding, etc.

  • Maintain the company’s existing security procedures and systems

8.1.2. Reference Links

• Party A’s enterprise safety construction plan for the first time

• Enterprise security project architecture practice sharing

• Enterprise information security team building