Tuesday, March 16, 2010

I Believe That There Should Be a Security Design Team and a Security Audit Team. All Security Operations Should Be Performed by Network Operations.

November 1, 2008 by Greg Ferro · Leave a Comment 

Keith Tokash opens up a topic close to my own heart, and one that I am work­ing on right now. Go there and add com­ments so that my job is easier :-)

I believe that there should be a Security Design team and a Security Audit team. All secur­ity oper­a­tions should be per­formed by Network Operations.

The SecAudit team should con­sists on con­sult­ing type people who love writ­ing policies, work­ing with man­age­ment and review­ing the work that has been delivered matches the plan and design. This includes review­ing Securty Operations (which is most likely delivered by Network Operations). They do not per­form hands on work, or any day to day activities.

The SecDes team are used to ref­er­ence and val­id­ate all Security changes against the ref­er­ence designs derived from Policy. They are Network Engineers with a spe­cial­isa­tion in Security and can assess impact on Network Integrity.

Leave com­ments if you want me to expound more on this topic.

CCIE Candidate — What Roles Do Security Teams Play vs. Infrastructure Teams?: “”

Please rate this post:

  Why Rate Posts?
1 Star - It\\\'s Crud2 Stars - It\\\'s Tosh3 Stars - Something\\\'s missing4 Stars - Needs works5 Stars - Good Enough6 Stars - Good7 Stars - Excellent8 Stars - Brilliant9 Stars - Astonishing10 Stars - Awesomely Godlike? (No Ratings Yet)
Loading ... Loading ...

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!