130n@calvinlai.com
  • About Calvin Lai (fkclai)
  • My Work
  • Cyber Security
    • Cyber Security Centre (CSC)
      • Why we need a CSC
      • CSC Team Structure: Roles, Functions, and Tools
        • Key Function & Role
        • Tools & Platforms
        • People
        • Outsource Strategy
      • HRMC Executive Paper
  • Detection and Response
    • Playbook: Threat Prioritization & Automated Response Strategies
      • Scenario: Detecting and Mitigating a Ransomware Attack
      • Scenario: DC Sync Attack Detected and Mitigated
      • Scenario: Pass-the-Hash (PtH) Attack Detected and Contained
      • Scenario: Phishing Campaign with Malware / Credential Theft Detected and Mitigated
  • Application Architecture
    • Comparison of MVC , N-tier and Microservice Architecture
  • Application Security
    • OAuth, SAML, and OpenID Connect: Key Differences and Use Cases
    • Secure Coding Principles
    • HTTP Header Security Principles
    • Mitigating Broken Object Level Authorization (BOLA)
    • Spring Boot Validation
    • Output Encoding in JavaServer Faces (JSF)
    • Session Management Security Issues
    • Common API Security Problems
      • Broken Authentication
      • Excessive Data Exposure
      • Lack of Resources & Rate Limiting
      • Broken Function Level Authorization
      • Unsafe Consumption of APIs
    • JAVA Exception Handling
    • File Upload Validation
    • OAuth 2.0 Security
      • Insecure Storage of Access Tokens
    • Microservice Security
      • Sample Coding Demo
        • Service Implementation
        • Client Interaction
      • Security Solution for Microservices Architecture
    • Modifying and Protecting Java Class Files
      • Modify a Class File Inside a WAR File
      • Direct Bytecode Editing
        • Steps to Directly Edit a Java Class File
          • Update: Java Bytecode Editing Tools
      • Techniques to Protect Java Class Files
        • Runtime Decryption in WebLogic
    • JAVA Program
      • Secure, Concurrent Web Access Using Java and Tor
      • Creating a Maven Java project in Visual Studio Code
  • Exploit/CVE PoC
    • ZeroLogon Exploit
    • Remote Retrieved Chrome saved Encrypted Password
    • Twitter Control an RCE attack
  • Hacking Report (HTB)
    • Hits & Summary
      • Tools & Cheat Sheet
    • Windows Machine
      • Love 10.10.10.239
      • Blackfield 10.10.10.192
      • Remote 10.10.10.180
      • Sauna 10.10.10.175
      • Forest 10.10.10.161
      • Sniper
      • Json
      • Heist
      • Blue
      • Legacy
      • Resolute
      • Cascade
    • Linux Machine
      • Photobomb 10.10.11.182
      • Pandora 10.10.11.136
      • BountyHunter 10.10.11.100
      • CAP 10.10.10.245
      • Spectra 10.10.10.229
      • Ready 10.10.10.220
      • Doctor 10.10.10.209
      • Bucket 10.10.10.212
      • Blunder 10.10.10.191
      • Registry 10.10.10.159
      • Magic
      • Tabby
  • Penetration Testing
    • Web Application PenTest
    • Network/System PenTest
    • Mobile Penetration Test
      • Certificate Pinning
        • Certificate Pinning Bypass (Android)
          • Root a Android Device
          • Setup Proxy Tool - Burp Suite
      • Checklist
  • Threat Intelligence
    • Advanced Persistent Threat (APT) groups
      • North Korean APT Groups
      • Chinese APT Groups
      • Russian APT Groups
      • Other APT
  • Red Team (Windows)
    • 01 Reconnaissance
    • 02 Privileges Escalation
    • 03 Lateral Movement
    • 04 AD Attacks
      • DCSync
    • 05 Bypass-Evasion
    • 06 Kerberos Attack
    • 99 Basic Command
  • Exploitation Guide
    • 01 Reconnaissance
    • 02 Port Enumeration
    • 03 Web Enumeration
    • 04 Windows Enum & Exploit
      • Windows Credential Dumping
        • Credential Dumping: SAM
        • Credential Dumping: DCSync
      • Kerberos Attack
      • RDP
    • 05 File Enumeration
    • 06 Reverse Shell Cheat Sheet
      • Windows Reverse Shell
      • Linux Reverse Shell
    • 07 SQL Injection
    • 08 BruteForce
    • 09 XSS Bypass Checklist
    • 10 Spring Boot
    • 11 WPA
    • 12 Payload list
  • Vuln Hub (Writeup)
    • MrRobot
    • CYBERRY
    • MATRIX 1
    • Node-1
    • DPwwn-1
    • DC7
    • AiWeb-2
    • AiWeb-1
    • BrainPan
  • CTF (Writeup & Tips)
    • CTF Tools & Tips
    • Hacker One
    • CTF Learn
    • P.W.N. University - CTF 2018
    • HITCON
    • Pwnable
      • 01 Start
  • Useful Command/Tools
    • Kali
    • Windows
    • Linux
  • Offensive Security Lab & Exam
    • Lab
    • Tools for an Offensive Certification
      • Strategy for an Offensive Exam Certification
        • CVEs
        • Privilege Escalation
        • Commands
        • Impacket
  • ISO 27001
    • Disclaimer
    • What is ISO 27001
      • Implementation
    • Documentation
    • Common Mistake
    • Q&A
      • Can internal audit to replace the risk assessment
      • Is it sufficient for only the IT department head to support the ISO 27001 program
      • Does the Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are the same?
    • ISO 27001 Controls and Domains
      • 1. Information Security Policies
      • 2. Organization of Information Security
      • 3. Human Resource Security
      • 4. Asset Management
      • 5. Access Control
      • 6. Cryptographic Controls
      • 7. Physical and Environmental Security
      • 8: Operational Security
      • 9. Communications Security
      • 10. System Acquisition, Development, and Maintenance
      • 11. Supplier Relationships
      • 12: Information Security Incident Management
      • 13. Information Security Aspects of Business Continuity Management
      • 14. Compliance
Powered by GitBook
On this page
  • 1. Executive Leadership
  • Chief Information Security Officer (CISO)
  • 2. Security Operations Center (SOC) Team
  • Security Analysts
  • Incident Responders
  • Threat Hunters
  • 3. Security Engineering Team
  • Security Engineers
  • Network Security Specialists
  • 4. Identity and Access Management (IAM) Team
  • IAM Specialists
  • 5. Vulnerability Management Team
  • Vulnerability Assessors
  • Penetration Testers
  • 6. Application Security Team
  • Application Security Analysts
  • Secure Code Reviewers
  • 7. Data Protection Team
  • DLP Specialists
  • Key Management Specialists
  • 8. Compliance and Governance Team
  • Compliance Officers
  • Audit and Risk Management Specialists
  • 9. Threat Intelligence Team
  • Threat Intelligence Analysts
  • 10. Security Awareness and Training Team
  • Security Trainers
  • 11. Incident Management Team
  • Incident Managers
  • 12. IT and Network Operations Team
  • Network Administrators
  • System Administrators
  • 13. Cybersecurity Operation Team
  • Security Tool Administrators
  • 14. Offensive Security Team
  • Red Team

Was this helpful?

  1. Cyber Security
  2. Cyber Security Centre (CSC)
  3. CSC Team Structure: Roles, Functions, and Tools

Key Function & Role

This structure provides a comprehensive view of how each functional team within the Cyber Security Center plays a vital role in protecting the organization's IT infrastructure, along with the systems they use and their priority.

1. Executive Leadership

Chief Information Security Officer (CISO)

  • Priority: Critical

  • Function: Provides strategic leadership, ensuring the company's cybersecurity posture aligns with its overall business goals and compliance requirements. The CISO oversees all cybersecurity operations and ensures effective communication between the security team and executive management.

2. Security Operations Center (SOC) Team

Security Analysts

  • Priority: Critical for SIEM, Medium for SOAR

  • Function: Monitors security systems, detects threats, and analyzes security events to protect against attacks. They play a critical role in maintaining the organization's security posture by continuously monitoring and investigating suspicious activities.

  • Systems Used:

    • SIEM (Security Information and Event Management): Splunk Enterprise Security, IBM QRadar

    • SOAR (Security Orchestration, Automation, and Response): Splunk Phantom, Palo Alto Networks Cortex XSOAR

Incident Responders

  • Priority: Medium

  • Function: Responds to and mitigates security incidents, minimizing damage and recovery time. They are responsible for the immediate actions taken to contain, eradicate, and recover from security breaches.

Threat Hunters

  • Priority: Medium

  • Function: Proactively searches for hidden threats within the network, preventing potential breaches before they occur. Threat hunters use advanced techniques to uncover threats that evade automated detection systems.

  • Systems Used:

    • Threat Intelligence: Recorded Future, VirusTotal, Mandiant Advantage Threat Intelligence

3. Security Engineering Team

Security Engineers

  • Priority: Critical

  • Function: Designs and implements security solutions, ensuring robust defense mechanisms are in place. They are responsible for the architecture and maintenance of security infrastructure.

Network Security Specialists

  • Priority: Critical

  • Function: Protects the network from large-scale attacks aimed at disrupting services. They focus on safeguarding network integrity, availability, and confidentiality.

  • Systems Used:

    • Anti-DDoS (Distributed Denial of Service): Cloudflare, Akamai

4. Identity and Access Management (IAM) Team

IAM Specialists

  • Priority: Critical

  • Function: Manages user access, ensuring only authorized individuals can access sensitive data and systems. They handle authentication, authorization, and user provisioning.

  • Systems Used:

    • Identity and Access Management (IAM): Okta, Microsoft Azure Active Directory

5. Vulnerability Management Team

Vulnerability Assessors

  • Priority: High

  • Function: Regularly scans for vulnerabilities, allowing the company to address weaknesses before they can be exploited. They assess the security posture and recommend improvements.

  • Systems Used:

    • Vulnerability Scanning (Internal and External): Nessus, Qualys

Penetration Testers

  • Priority: High

  • Function: Conducts simulated attacks to identify and fix security gaps. They validate the effectiveness of security controls through ethical hacking.

  • Systems Used:

    • Pentesting: Fiddler, Burpsuite, Metasploit, Kali Linux

6. Application Security Team

Application Security Analysts

  • Priority: High

  • Function: Ensures the security of applications, preventing vulnerabilities and exploits. They implement security measures throughout the software development lifecycle.

  • Systems Used:

    • IAST (Interactive Application Security Testing): Examples: Contrast Security, Synopsys

    • DAST (Dynamic Application Security Testing): Examples: OWASP ZAP, Acunetix

    • SAST (Static Application Security Testing): Examples: Fortify, Checkmarx

    • RASP (Runtime Application Self-Protection): Examples: Imperva, Waratek

    • Component Scan: Examples: Black Duck, Sonatype Nexus

    • Application Shielding: Examples: Arxan, Jscrambler

Secure Code Reviewers

  • Priority: High

  • Function: Reviews code for security vulnerabilities, ensuring secure application development. They identify and remediate vulnerabilities in the code before deployment.

  • Systems Used:

    • Code Review Tools: Checkmarx, Veracode

7. Data Protection Team

DLP Specialists

  • Priority: High

  • Function: Protects sensitive data from unauthorized access and data breaches. They monitor and control data transfers to prevent data loss.

  • Systems Used:

    • Data Loss Prevention (DLP): Symantec Data Loss Prevention, McAfee DLP

Key Management Specialists

  • Priority: High

  • Function: Manages cryptographic keys and secrets to ensure data protection and secure communications. They handle encryption and decryption processes.

  • Systems Used:

    • Secret Management: CyberArk, AWS Secrets Manager

8. Compliance and Governance Team

Compliance Officers

  • Priority: Medium

  • Function: Ensures the organization adheres to relevant cybersecurity regulations and standards, avoiding legal and financial penalties. They develop and enforce compliance policies.

Audit and Risk Management Specialists

  • Priority: Medium

  • Function: Conducts audits and manages risks to maintain a strong security posture. They evaluate and mitigate risks associated with cybersecurity.

9. Threat Intelligence Team

Threat Intelligence Analysts

  • Priority: Medium

  • Function: Provides insights into emerging threats, enabling proactive defense measures. They gather and analyze threat data to inform security strategies.

  • Systems Used:

    • Threat Intelligence: Recorded Future, VirusTotal, Mandiant Advantage Threat Intelligence

10. Security Awareness and Training Team

Security Trainers

  • Priority: Medium

  • Function: Educates employees on security best practices, reducing the risk of human error. They develop and deliver training programs to raise security awareness.

  • Systems Used:

    • Training Tools: Examples: KnowBe4

11. Incident Management Team

Incident Managers

  • Priority: Medium

  • Function: Coordinates response to security incidents, ensuring efficient and effective resolution. They manage the incident lifecycle from detection to recovery.

12. IT and Network Operations Team

Network Administrators

  • Priority: Medium

  • Function: Monitors network traffic to detect and respond to anomalies and threats. They ensure network performance and security.

System Administrators

  • Priority: Medium

  • Function: Maintains the health and security of IT systems and infrastructure. They manage servers, applications, and hardware to ensure stability.

13. Cybersecurity Operation Team

Security Tool Administrators

  • Priority: Critical

  • Function: Manages and maintains all cybersecurity tools, ensuring they are up-to-date and functioning effectively. They support the technical needs of the cybersecurity teams.

14. Offensive Security Team

Red Team

  • Priority: High

  • Function: Simulates real-world attacks to test the effectiveness of security controls and preparedness of the defensive teams. They identify vulnerabilities that could be exploited by adversaries.

  • Systems Used:

    • Offensive Security Tools: Cobalt Strike, Red Canary

PreviousCSC Team Structure: Roles, Functions, and ToolsNextTools & Platforms

Last updated 28 days ago

Was this helpful?