Re: CISO/Security Team roles and functions

I am seeing a similar issue of roles and job responsibilities. The security analyst reports to a non-IT administrator VP role, but so do a database administrator, software quality assurance personnel and IT manager(s).

Is this a correct organisational structure? Can the DB Admin and QA functions be made to report to the Security Analyst? If this senior security analyst has to hire a few helping hands, what are the usual 'job titles'?

It's still a one-man shop being asked to expand into a department. If the security analyst has to ask for a change in job title in the expanded scheme of things but is still not ready for 'CSO / CISO' yet, would IT security architect or IT security engineer be more appropriate?

----- Original Message -----
From: <amatachick@gmail.com>
To: <security-basics@securityfocus.com>
Sent: Tuesday, February 05, 2008 1:02 AM
Subject: Re: CISO/Security Team roles and functions

> This is an issue I've run into on every Information Security job.
> Sometimes Information Security takes care of the firewalls and IDSs and
> sometimes that job goes to the Network Administrators. I've worked in both
> environments. I have to say from personal experience the latter is much
> more common, especially when you get to a management level. I am fine with
> it being either way as long as Information Security can fully, and without
> the Network Administrator's prior knowledge, audit the Firewall and IDS
> configurations and logs. I don't believe that separation of duties and
> responsibilities applies so much in this scenario as in the bigger
> picture.
>
> I've run into the most issues with segregation of duties and
> responsibilities at the departmental level. The key question being, who
> does Information Security report to? I, personally, don't think it should
> be Information Technology. I feel that Information Security should really
> be its own department or at the least report to compliance or legal
> departments.
>
> To be succinct, I believe it is the job of Information Security to ensure
> and/or report incidents, non-compliance to policies and procedures,
> firewalls and IDSs are functioning properly, and conduct
> audits/assessments.
