Information Security
Erokha Yeldobaev, 2019-03-16 00:03:51

Does the head or director of the information security department conduct pentests of his infrastructure and department himself?

It is clear that he is responsible for security, but if this is more of a managerial role, what does he do in terms of technical skills?
Or does he hire a third-party firm that does audits and penetration tests?
Or does he orchestrate the whole strategy, giving direction to pentesters?
He's not looking for holes in his department's security, after all.


2 answer(s)
athacker, 2019-03-16
@erjan

Depends on job responsibilities and skills. If the leader is able to do pentesting himself, then why shouldn't he do it periodically?
But in general, yes: his task is to minimize information security risks. And how exactly he does it is a secondary matter. There are personnel in the department with certain competencies and knowledge, there is a department budget, there is an information security strategy. It is within the framework of these three resources that we need to act.

CityCat4, 2019-03-18
@CityCat4

What does he do in terms of technical skills?

He does what he is supposed to do according to his job description (DI). And how he does it is his business; that's why he is the decision maker.
