8.1. Team building¶
8.1.1. Division of labor¶
- Department head
Responsible for the overall information security planning of the organization
Responsible for applying for resources to high-level communication
Responsible for coordinating and communicating with other departments of the organization
Jointly promote information security work
Responsible for information security team building
Responsible for emergency response to security incidents
Responsible for driving the implementation of the organization’s security plan
- Compliance Administrator
Responsible for the formulation of safety-related management systems and management processes, supervise the implementation, and revise and improve relevant systems and processes
Responsible for compliance inspection preparations, including liaison, promotion of inspection work, and reporting of inspection results, etc.
Responsible for liaising with external security related units
Responsible for safety awareness training, publicity and promotion
- safety technology manager
Overall technical planning and plans for business security protection
Understand organizational security technical deficiencies and be able to find ways to defend against them
Safety equipment operation and maintenance
Security hardening of servers and network infrastructure equipment
Investigate and analyze security incidents, and cooperate with regular preparation of security analysis reports
Pay attention to industry security events, track the latest vulnerability information, and conduct security inspections of business products
Responsible for the promotion of vulnerability repair work, tracking the resolution, and collecting problems
Learn about the latest security technology trends
- Penetration/Code Auditor
Conduct security assessment tests on the organization’s business website and business system
Provide solutions and remediation recommendations for vulnerability findings
- Safety equipment operation and maintenance personnel
Responsible for device configuration and policy modification
Responsible for assisting in the implementation of security policy modifications resulting from changes in other departments
- Safe development
Develop security aids or platforms based on organizational security needs
Participate in the development of security system requirements analysis, design, coding, etc.
Maintain the company’s existing security procedures and systems