BLUF: Based on my experience, I personally recommend that the new Cybersecurity Department be placed under the Information Technology department.
Integration
Pros:
- Cybersecurity is often paired with Information Technology within the industry primarily due to specific infrastructure such as networks, servers, and endpoints
- With Cybersecurity located within such a similar department, communicating and delivering real-time patches and solutions becomes significantly easier
- When deciding on managerial and system changes, integrating the two departments helps them plan changes that benefit both
Cons:
- Sacrificing IT’s primary goal of prioritizing speed and availability
- Due to the similarity between the departments, it’s possible that they won’t see the Cybersecurity Department as its own department
Efficiency
Pros:
- Placing Cybersecurity within IT reduces the risk of basic mistakes and delays when installing technical controls
- The Cybersecurity Department can take advantage of pre-existing IT tools to save both money and time
- Incident detection and response can occur quickly due to IT overseeing the hardware that detects incidents
Cons:
- There are other aspects of Cybersecurity that don’t directly involve Information Technology (Supply Chain, for example), which may ultimately distract both departments
- Being directly under IT may mean that operational optimization additions could be prioritized over security concerns
Relation to Business Needs
Pros:
- IT is typically widespread across a business, giving Cybersecurity the platform to also support company-wide operations alongside it
- Digital projects are both managed and secured better when both departments work together
- Having both departments coexist makes reporting technological issues and threats much easier
Cons:
- Again, it’s certainly possible that a higher-up may need to give the Cybersecurity Department a proper way to vote or voice an opinion within the organization
- Prioritizing risks and issues may be a common conflict if only looking at them from a technological basis
Conclusion
While inserting the Cybersecurity Department within one of the other departments may work, placing it within the IT Department is the most well-rounded choice for our organization. This decision ensures technical integration, operational efficiency, and alignment with business needs, whilst maintaining a fair platform to be governed the same as other departments.