There is no doubt that a lot of people are scared of taking up a cyber security career because they have the general belief that cyber security is all about IT and as a result, the profession is only meant for people with an IT background.
NON-TECHNICAL SIDE OF CYBER SECURITY
For organizations with robust cyber security teams, there is a combination of the core technical staff and the non-technical staff in the cyber security team, both working collaboratively.
The non-technical staff mainly focuses on GRC (Governance Risk & Compliance) The GRC team is where you find cyber security staff without a technical background. They focus on implementing policies, procedures, and rules. They among other roles are also involved in asset risk management and managing suppliers/third-party risks. Other responsibilities of the non-technical staff include monitoring and implementing compliance with Standards and Frameworks like ISO 27001, NIST, Cyber Essentials, PCIDSS. etc.. depending on the Standard adopted by the organization. What that means is that they must understand the compliance requirements of such standards.
TECHNICAL & NON TECHNICAL COLLABORATIONS
The security standards contain both technical and non-technical requirements that must be implemented by organizations in order to remain safe and protected from cyber-attacks. These requirements of the standards are called security controls or safeguards.
The technical staff is responsible for configuring such technical controls and not the non-technical staff. It is the responsibility of the non-technical GRC staff to ensure that such configurations are implemented by the technical staff.
A good example is that the Standard ( ISO, NIST) will recommend that there must be a strong password constraint. The GRC person will draft a password policy and a procedure for implementing the policy with recommendations of what a strong password should contain. It is now the responsibility of the technical staff to configure the password rules from the backend in accordance with the requirements stated in the password policy.
What is required of you as a non-technical person is to have basic knowledge of what should be implemented and make recommendations for implementation by the technical team.
Become a cybersecurity professional, NO IT BACKGROUND NEEDED. Get trained by experts in just 5 weeks from beginners to expert level. To join the next batch check out the details on the flyer on this page or contact us Call or Whatapp +44 0744 028 1097
info@cybermentors.co.uk
I have read some excellent stuff here. Definitely value bookmarking for revisiting. I wonder how much effort you put to make the sort of excellent informative website.