What does infosec do at your org? Are they handling day-to-day maintenance and changes of devices? Do they own any of the security stack or is that totally under your control?
Or are they more responsible for operations...setting/enforcing policy, reviewing logs, advocating for new controls (and getting the CISO to find money for them)?
Curious how other orgs are structured.
Thanks
No comments:
Post a Comment