This memo will argue, for reasons described below, that the cybersecurity department should fall under the Information Technology department.
Finance Department
Though it could protect the Finance department from potential breaches, there might be a better placement for the cybersecurity program. Other than protecting against breaches, the cybersecurity program would not have much purpose in being under finance. Additionally, the department may need to gain the technical knowledge to handle the program. The main purpose of the Finance department is to regulate the company’s budget which does not align with the purpose of the cybersecurity program.
Operations
The Operations department focuses on the well-being and efficiency of the company. Operations is also prominent to other departments such as the supply chain and HR, which could use the help of a cybersecurity program. However, the program being under Operation might take away from the department’s focus on managing the structure of businesses. The department also may not have experience in working with cybersecurity which could cause future problems. The collaboration between the two departments would not be as strong because of Operation’s lack of cybersecurity and technological skills.
Reporting to the CEO
The idea of the cybersecurity program reporting to the CEO is not terrible. On one hand, reporting to the CEO would make communication between departments quicker. They could quickly apply security measures throughout the other departments. Working directly with the CEO also will help make the company more proactive with problems in the digital world. However, with the cybersecurity program reporting directly to the CEO, they would have less communication and connection with the other technical departments such as IT. For a cybersecurity program to work efficiently, it must collaborate well with the different departments and the resources needed to guarantee the effectiveness of the security.
Information Technology
The best department for the cybersecurity program to fall into would be the Information Technology department. With the two teams working together, they could easily complete tasks to ensure the company’s protection against threats. They both have advanced technological skills and use the same resources. Additionally, instead of using money on new technology, the company can use the money to improve the cybersecurity program and buy more advanced security technology. The company would also have a choice of lowering the budget for the program. The IT department is usually informed of cybersecurity attacks; if the cybersecurity program works with IT, it will easily communicate and respond to threats quicker.
However, people could argue that they have two different objectives in the cyber world. IT focuses on making sure the company’s technology is running smoothly and responding to problems quickly while cybersecurity focuses on improving the system’s security. IT tends to work quickly and smoothly; security protocols may slow the IT department down with security updates and patches. On the other hand, the two different departments can balance the workload while also enhancing each other’s abilities. Disruptions, such as security updates, may be scheduled and other departments can be warned ahead of time.
Conclusion
Out of the four departments discussed, Information Technology would be the best department for the cybersecurity program to work with. They are knowledgeable in the same field, helping the connection and teamwork between departments. IT and cybersecurity will work together to battle security and overall technological issues to ensure the company runs smoothly.