Home page logo

basics logo Security Basics mailing list archives

Re: best place for IT Security team in the company organisation
From: Kenneth Swain <ken () kenswain com>
Date: Wed, 8 Aug 2007 12:52:14 -0500

On Aug 8, 2007, at 11:51 AM, soul wrote:

Hi All
In my company , there is a issue regarding the ITSEC Team place in the company organisation. We have IT Department with telecoms & network division, Applications development Division, and Business process Division. Initially, the ITSEC team is rattached directly to Director of the IT Department office. But now, some people want the Security Team to be splited as follow in two : - strategy, BCP & policies rattached to IT Director office or the Vice-president office - and security operations (only Firewall admin, VPN implementation and admin) rattached to the telecoms and network Division.

Could you advice me on the issue..... some best practices...

thank you

In our organization we have it split where strategy happens in one department and operations happens in another. In my opinion you really do not want the InfoSec department reporting to the Directory of IT. It normally does much better when it is set under its own director.

Ken Swain
ken () kenswain com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]