Like all departments in a well-run business, cybersecurity is not one master role; rather, it is a collection of roles that work together to make the department run properly. In a small business, it is assumed that many of these roles will be performed by the same person. The essential roles in a cybersecurity program can range in difficulty depending on the size and scope of your organization’s network. If, after reviewing this guide, you decide that taking on a combination of roles may be too much for you and/or other employees, you may want to look into outsourcing some of the responsibilities.
Network Administrator: this individual designs, configures, and maintains a business computer network. They recommend the appropriate networking hardware and oversee the implementation of subnets, routing protocols, firewalls, and VLANs. The network admin is also responsible for ensuring the day-to-day functionality of the network and for fixing any network issues that arise.
Security Analyst: this individual collects data about daily technology workflows and activities and analyzes it for any signs of malicious activity. A security analyst will commonly use automated tools to aid the investigation of this data. If malicious activity is detected, the analyst will forward the alert to the necessary parties in the chain of command for remediation. Outside of detecting intrusions, the security analyst can derive insights from the network data and recommend solutions for improving the company’s cybersecurity posture.
Security Engineer: this individual is responsible for gathering insights from security analysts and upper-level management and designing the organization’s security infrastructure. The security engineer will often consult with the network administrator to help implement security best practices for network technologies like firewalls, routers, and wireless networks.
IT/Cybersecurity Technician: this individual is responsible for providing daily assistance to employees regarding a vast array of technical issues. IT technicians are primarily concerned with ensuring the availability of assets like desktops and laptops, mobile devices, applications, and network connections. More complex issues like security events and network malfunctions may need to be escalated to upper-level roles such as the security analyst and network administrator.
Incident Responder/Forensics Investigator: this individual is responsible for taking charge during a cybersecurity incident and following the incident response plan for containing and eliminating the source(s) of the incident. Once the incident has been properly eliminated, this individual will use forensic tools to investigate the incident and determine the root cause, assembling data to help the security engineer integrate means for preventing future incidents.
If your organization processes very large amounts of data, you will need to implement a comprehensive data governance program. This ensures that your company’s data remains clean, safe, and available. The commonly defined data governance roles include:
Data Owner: this individual is an upper-level manager who is responsible for managing an entire category, or multiple categories, of data. They are the individuals held responsible for the state of the data and must approve all modifications to it. They are also responsible for guaranteeing continued data quality and ensuring that relevant data policies are enforced.
Data Custodian: this individual develops and manages the technical means by which company data is stored and processed. Encryption algorithms, storage locations, and access controls are all designed and implemented by the custodian.
Data Steward: this individual has responsibilities similar to those of the data custodian but is more concerned with operational issues. They oversee the day-to-day state of all company data, responding to inquiries from other parties and keeping other roles in the loop regarding the state of the data. When new policies and plans are implemented, the steward is responsible for working with relevant individuals to ensure that everybody complies and stays on the same page.
As stated earlier, these roles may need to be combined for some individuals depending on the size of your organization. The security engineer and data custodian have similar roles that often draw on overlapping knowledge, as do the security analyst and incident responder. If you feel that the responsibilities listed are out of scope for your organization, you can look into outsourcing them to a third-party IT department and/or Managed Security Service Provider (MSSP).
Once you have designed and assigned cybersecurity roles for your organization, it is important that you develop a system for how each of the roles will communicate. Addressing security issues and events requires a system of triage, where different individuals uncover those issues and rank them by how urgently they need remediation before escalating them up the chain to the next individual.
For example, your security analyst may uncover a malware infection running rampant throughout your network. As soon as they have confirmed it, they notify the necessary parties and escalate control to the Incident Responder. The Incident Responder eradicates the infection and performs a forensic analysis of its causes. This information is passed to upper-level management, which then has the data custodian and security engineer work together to design and implement new controls and policies to address the vulnerabilities that enabled the infection. The data steward ensures that the new policies are properly enforced, while the network administrator adapts the network infrastructure to the new controls.
You can use the template provided below to document the assigned cybersecurity roles in your organization. Ensure that this documentation is securely stored with other internal company files and is regularly updated to reflect turnover and role changes. It is also a good idea to create a Responsibility Assignment (RACI) Matrix to visually reflect these roles and responsibilities. A RACI Matrix categorizes roles and responsibilities by assigning them one of the following four categories: Responsible, Accountable, Consulted, and Informed. Creating a RACI Matrix will be especially helpful if your environment has staff members who each take on many different cybersecurity roles. Below is an example RACI Matrix that reflects the basic roles and responsibilities outlined in this documentation.

