[CCCure CISSP] Organizational Reporting Structure

Zeolla@GMail.com
I came across the following question:

Which one of the following functions provides the least effective organizational reporting structure for the Information Systems Security function?

  •  IS quality assurance.
  •  IS resource management.
  •  IS operations.
  •  Corporate security.

Operations would rank lowest of the available answers as they are more apt to be management so would be considered least effective structure for the Information Systems Security function.

In order to offer more independence and get more attention from management, an IT/IS security function should be independent from IT/IS operations and ideally report directly to the CEO. If it were to report to IT/IS, operations is probably the last function the IS Security function should be reporting to. 



I'm unsure what exactly the question is asking, and the details portion hasn't helped.  If someone could just rephrase the question and perhaps explain why IS operations is the correct answer, that would be great.  I have the test in two days, I need to know this stuff!  Ha ha.  Thanks,

- Jon Zeolla
[hidden email]

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Re: [CCCure CISSP] Organizational Reporting Structure

clementdupuis
Administrator
Good day Jon,

The question is simply asking: Who would be the worst choice to report to within a company for the security team?

Reporting to the Operations Manager would be the worst choice.  You're mostly telling the Ops Manager that he is not doing his job properly.  I doubt he will escalate the issue to management and tell management:  I am doing my job properly.

A C level executive would always be best such as the CIO, COO, CSO, etc...

Best regards

Clement


Clement Dupuis, CD

Chief Learning Officer (CLO) and Security Evangelist
GCFW, GCIA, Security+ 301, CEH V7, CCSA, CCSE,  + 12 others

SecureNinja
Office : +703 535 8600
Mobile: +1 407 433 6444

Email: [hidden email]

Web: www.secureninja.com

Clement Dupuis, CD
CCCure Founder and Owner
CLO @ SecureNinja.Com
Re: [CCCure CISSP] Organizational Reporting Structure

Zeolla@GMail.com
In reply to this post by Zeolla@GMail.com
Ahh, it makes much more sense now.  Thanks Clement,


- Jon Zeolla
[hidden email]


On Thu, Jul 4, 2013 at 12:00 PM, <[hidden email]> wrote:
I came across the following question:

Which one of the following functions provides the *least* effective
organizational reporting structure for the Information Systems Security
function?

   -  IS quality assurance.
   -  IS resource management.
   -  IS operations.
   -  Corporate security.


Operations would rank lowest of the available answers as they are more apt
to be management so would be considered *least effective* structure for the
Information Systems Security function.

In order to offer more independence and get more attention from management,
an IT/IS security function should be independent from IT/IS operations and
ideally report directly to the CEO. If it were to report to IT/IS,
operations is probably the last function the IS Security function should be
reporting to.


I'm unsure what exactly the question is asking, and the details portion
hasn't helped.  If someone could just rephrase the question and perhaps
explain why IS operations is the correct answer, that would be great.  I
have the test in two days, I need to know this stuff!  Ha ha.  Thanks,

- Jon Zeolla
[hidden email]