Assessing the performance of your security team is critical to knowing your current posture, as well as planning ahead. The Ultimate 2019 Security Team Assessment Template captures all the KPIs of the security team's main pillars, and provides a simple way to measure how teams operated in 2019, while setting performance targets for 2020.
Building a template is challenging because security teams vary in size and internal responsibility distribution. Additionally, there is little consistency in the terms used to designate the various positions across the industry.
The template covers the following security roles and responsibilities:
Security Architect – Responsible for designing, building, testing and implementing security systems within an organization’s IT network for protection of both business and customer data.
Security Analyst Tier 1 – The Tier 1 Security Analyst is tasked with the initial triage and classification of security events at the ground level, supporting a 24x7x365 SOC.
Security Analyst Tier 2 – Tasked with conducting the technical aspects of response operations for critical events. This includes immediate containment, investigation, management of remediation actions, as well as enhancing defenses.
Security Analyst Tier 3 – Tasked with proactive discovery of undetected threats through ongoing monitoring of the environment for vulnerabilities and searching for the threats that can abuse them. Additionally, the Tier 3 analyst conducts threat hunting and delivers real-time visibility into the environment’s security posture with penetration tests.
SOC Manager – Responsible for establishing and overseeing the workflows of security event monitoring, management and response. They are also responsible for ensuring compliance with SLA, process adherence and process improvisation to achieve operational objectives.
Director of Security – Oversees all the security-related functionalities within the organization, covering compliance with relevant frameworks, purchase, deployment and maintenance of security products, and breach protection workflows. Reports to the CIO and acts as the source of information for all cybersecurity-related aspects of the organization.