For context, I am a one-person security team as an ISM. Other IT departments are Network, Systems, and Customer service that are under a completely different direction. There has been a small amount of push-back when I speak on access management roles/responsibilities and separation of duties. What are some opinions on what is the best take on access management ownership with AD and Entra ID, and other services?
If you are having resistance about it, I think the first step is to engage higher organization levels showing evolved risks. If you get a green sign from them, the next steps are:
1) training teams about security and risks;
2) review organization's security policy;
2.1) maybe create a standard about IAM's administration;
3) implement IAM policy
There is no formula about which team should do what; each organization has its own way of working. It isn't a question of organizational chart, it's a question of responsibility. The most important thing is to ensure teams are aware of their roles in the security implications.
For the 1-10-60 Response Time Framework by CrowdStrike, is there a document that I can reference? How are the incidents tracked? Is it using the mean value of all the incidents (MTTD, MTTI and MTTR), or does each incident need to comply with 1-10 and 60?
What are the key steps to transition a Chief Information Security Officer (CISO) into a Business Information Security Officer (BISO) role while preserving advisory responsibilities and avoiding being treated as a PMO?
What’s the top cybersecurity challenge concerning your organization right now?
We would like to know what is the best advanced threat detection / prevention security control that provides the most bang for buck for a large organisation that wants to enhance its security posture to better detect and mitigate advanced threat actors.
Main goals are to reduce dwell time, enrich alerts, reduce SOC engineer incident response time, and elicit targeted threat intelligence to complement 3rd party Threat Intelligence providers.