How does your IT team work with the Infosec teams in your company?

Anonymous Author
Our information security team lives within IT who looks after corporate security and everything that's internal. We also have our product security team that we collaborate with cross-functionally to leverage tools, applications, and resources and ensure joint initiatives are successful, especially while we work towards compliance and certification goals such as ISO 27001, SOC 2, etc. Our IT Operations team works closely with Infosec, whether it’s to resolve tickets on high priority or find joint goals to automate security operations.
0 upvotes
Anonymous Author
Our information security team recently moved out of IT and became part of our legal team. All of our legal, privacy, compliance, and security are now under the same umbrella. There's a lot of belief in separation of duties and getting IT out of security, but there are pros and cons to both sides of it. I'd say the way we work with them today is definitely a shared responsibility situation. Within my team and within the greater IT organization, there's a focus on the fact that we're the ones closest to things. We might suggest projects to Infosec, who also have their projects they suggest to us. So we're always giving Infosec our thoughts of, "Here's what we're seeing because we're closest to the ground." And then they share what they're seeing from other sources outside or what's going on in the industry in general. So it's a very collaborative thing. They're not waiting for IT to suggest things and we're not waiting to be told what to do either.
1 upvotes
Anonymous Author
They are part of the IT dept, focusing on security across the company and only on security issues, but they do attend IT meetings when appropriate.
0 upvotes