Security Basics: Starting a New Security Department/Division

["Chris Barber" <cmbarber () gmail com>]

Hi All,


I have been tasked with a very unique opportunity.  I have been
selected to be part of a 2 person team to rebuild the Enterprise
Security Division for a fairly large organization.  I want to take
this task as far as I can, and I am going to use all of the resources
available to me to make this new division the best it can be.



My feeling toward the division is that it should be more of an
oversight group not operational in nature.  The team would provide the
check and balance with in the IT department and the organization.
More detailed functions might include Internal Vulnerability
Auditing/scanning, Policy review, Firewall and IDS/IPS review, just to
touch on a few.



The organization currently has a Security team in place but it was
created for show and tell purposes.  There is new management in place
and they want to see that change.  The Junkyard dog is getting his
teeth.



Here is where you, the list members, come in.  I would like to hear
how you might build you "dream" Security department.  What functions
the department would carry out, who it would report to with in the
organization, staffing needs, etc.



Please try to keep comments constructive.



Thank you in advance for your insight.



Chris.