Network Security (NetSec)

  • Use VLANs to segment the network (guests, file servers, IoT devices), and enforce a default-deny policy between VLANs at the router/firewall; tagging alone only separates broadcast domains
  • Use a separate WLAN SSID for guests, mapped to the guest VLAN
  • Use 802.1X port-based authentication backed by a RADIUS server, so a device is authenticated before it gets onto a VLAN (the RADIUS server can also assign the VLAN dynamically)
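As an added illustration (not part of the original page), the following Python models the segmentation scheme the bullets describe: an allow-list of inter-VLAN flows with default deny, rendered as an nftables forward chain for a Linux gateway, plus the RFC 3580 RADIUS attributes a switch needs for 802.1X dynamic VLAN assignment. The VLAN IDs, subnets, interface names and the allowed flows are hypothetical values chosen for the example.

```python
"""Inter-VLAN policy model for a segmented network (added example).

Assumptions (not from the page): VLAN IDs, subnets, interface names and the
allowed flows below are illustrative; the gateway is a Linux box enforcing the
policy with nftables; dynamic VLAN assignment uses RFC 3580 tunnel attributes.
"""
import ipaddress

# Constructed VLAN plan: zone name -> (VLAN id, subnet). Hypothetical values.
VLANS = {
    "corp":    (10, ipaddress.ip_network("10.0.10.0/24")),
    "servers": (20, ipaddress.ip_network("10.0.20.0/24")),
    "guest":   (30, ipaddress.ip_network("10.0.30.0/24")),
    "iot":     (40, ipaddress.ip_network("10.0.40.0/24")),
}

# Allow-list of (src zone, dst zone, protocol, port). Anything not listed is
# dropped, so adding a VLAN never silently opens a path. "internet" is a
# pseudo-zone for any address outside the VLAN plan.
ALLOWED = [
    ("corp",  "servers",  "tcp", 445),   # SMB to the file servers
    ("corp",  "servers",  "tcp", 22),    # admin SSH
    ("corp",  "iot",      "tcp", 443),   # IoT devices are managed from corp only
    ("corp",  "internet", "any", None),
    ("guest", "internet", "any", None),  # guests get the internet and nothing else
    ("iot",   "internet", "tcp", 443),   # cloud/firmware traffic only, no open egress
]


def zone_of(addr):
    """Map an address to its zone; anything outside the plan is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, (_, net) in VLANS.items():
        if ip in net:
            return name
    return "internet"


def is_allowed(src_ip, dst_ip, proto, port):
    """Evaluate one new flow against the allow-list; default deny.

    Rules are directional: corp->servers does not imply servers->corp.
    Reply packets are handled by connection tracking, not by the allow-list.
    """
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == "internet":
        return False  # inbound from outside is out of scope for this model
    for s, d, p, prt in ALLOWED:
        if s == src and d == dst and p in ("any", proto) and prt in (None, port):
            return True
    return False


def nft_ruleset(wan_if="eth0"):
    """Render the allow-list as an nftables forward chain with policy drop.

    VLAN sub-interfaces are assumed to be named eth0.<vlan id> (hypothetical).
    """
    lines = [
        "table inet segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
    ]
    for s, d, p, prt in ALLOWED:
        src_if = f"iif eth0.{VLANS[s][0]}"
        dst_if = f"oif {wan_if}" if d == "internet" else f"oif eth0.{VLANS[d][0]}"
        match = "" if p == "any" else f" {p} dport {prt}"
        lines.append(f"    {src_if} {dst_if}{match} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


def radius_vlan_attrs(zone):
    """RFC 3580 attributes returned in a RADIUS Access-Accept so the switch
    places the authenticated port into the zone's VLAN (802.1X dynamic VLAN)."""
    vlan_id, _ = VLANS[zone]
    return {
        "Tunnel-Type": 13,            # VLAN
        "Tunnel-Medium-Type": 6,      # IEEE-802
        "Tunnel-Private-Group-Id": str(vlan_id),
    }


if __name__ == "__main__":
    print(nft_ruleset())
    print(radius_vlan_attrs("guest"))
    print(is_allowed("10.0.30.5", "10.0.20.7", "tcp", 445))  # guest -> file server
```

The point worth checking in any real deployment is the same one the model encodes: the guest and IoT VLANs must have no rule towards the server or corp VLANs at all, the server VLAN must not be able to initiate connections back into client VLANs, and the chain's policy must be drop so a forgotten rule fails closed rather than open.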

SOC analyst: typically tiered Jr./Sr. or by level (Tier 1/2/3). These are the SOC analysts, with differing levels of responsibility, but the bulk of the job is watching the SIEM and triaging and closing alerts.

Security engineering: again typically tiered. This is the team that maintains the security tools; they fix the SIEM, the vulnerability scanner, etc. The role typically specializes in a specific tool set such as SIEM, AV or vulnerability scanners.

Security development: they build custom tools, plug-ins and other automation.

Threat intelligence: they either gather their own threat information or correlate existing information into something relevant that the SOC team or management can use and understand.

Penetration testing: also called a red team, although strictly a red team emulates an adversary against the defenders while a pentest is a scoped search for vulnerabilities; the terms are often used interchangeably. This is the team that actively attacks a defended environment to find gaps, vulnerable systems or misconfigurations that automated tools miss.

Incident response: typically the team that manages or works security events that have been escalated to incidents or breaches.

Compliance: typically deals with audits, and ensures that the technical security controls and configurations meet the applicable requirements (regulatory, contractual or internal policy).

Firewall administration: manages the firewall and/or IDS/IPS rules and exceptions. This could also be done by the network team; it depends on the organization.

Patch management: could be either a security person or a good systems/application team. This person ensures all patches are applied, prioritized by the risk of the vulnerability they fix.

DLP: checks and verifies DLP alerts to ensure the data being sent is for a valid purpose and/or is being sent by a secure method.

Security architect: designs the organizational security architecture, selects products, reviews and recommends staffing skills, and reviews and recommends policy. Obviously there are not many of these people around, relative to the other roles listed here.

  • Last modified: 2024-07-05 14:31