Cyber Guidance for Small Businesses - Part 2

Role of the Security Program Manager


The Security Program Manager will need to drive the elements of the security program, inform the CEO of progress and roadblocks, and make recommendations. These are the Security Program Manager’s most important tasks:

Training. All staff must be formally trained to understand the organization’s commitment to security, what tasks they need to perform (like enabling MFA, updating their software and avoiding clicking on suspicious links that could be phishing attacks), and how to escalate suspicious activity.


Write and maintain the Incident Response Plan (IRP). The IRP will spell out what the organization needs to do before, during, and after an actual or potential security incident. It will include roles and responsibilities for all major activities, and an address book for use should the network be down during an incident. Get the CEO and other leaders to formally approve it. Review it quarterly, and after every security incident or “near miss”. Need to know where to start? Look to our Incident Response Plan Basics two-pager with advice on what to do before, during and after an incident.


Host quarterly tabletop exercises (TTXs). A TTX is a role-playing game where the organizer (possibly you!) presents a series of scenarios to the team to see how they would respond. A common scenario involves one employee discovering their laptop is blocked by ransomware. Symphonies and sports teams practice regularly, and your organization should, too. CISA has Cybersecurity Tabletop Exercise Tips to get you started.


Ensure MFA compliance. Yep--MFA again! The most important step an organization can take is to ensure that all staff use MFA to log into key systems, especially email. While this task is also listed under the IT section below, it is critical that multiple people review the MFA status on a regular basis.
