Security Basics mailing list archives

RE: CISO/Security Team roles and functions


From: "Worrell, Brian" <BWorrell () isdh IN gov>
Date: Mon, 4 Feb 2008 13:12:03 -0500

I think that you should never have the fox guarding the hen house...

So if the Network team does the work, then you should be able to Audit /
review it, at least in a perfect world.  In this case, a good change
control policy with Security review is the plan I would take. 

Just my two cents. 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of soul
Sent: Monday, February 04, 2008 7:21 AM
To: security-basics () securityfocus com
Subject: CISO/Security Team roles and functions

Hi All,
In my organization, the IT security Team is in charge of risk
management, security policies, and administration/management of access,
rights and authorization for some applications (SAP, SWIFT,...) and
firewall administration for traffic authorization on the network. But
the new network division chief said that the security team should only
provide security policies but not firewall administration. He wants the
network team to be in charge of the firewall administration. He said
firewall administration is operational security and should be performed
by the network team. But I responded to him that there is a need for
segregation of duties and responsibilities. The firewalls are installed
by the Network team but the administration of firewalls is performed by
the IT Security team, like for the applications.

What can or should be the roles and functions of a security team in an
organization?
There is a confusion concerning some terminologies: OPERATIONAL SECURITY,
SECURITY ADMINISTRATION,....

Thank you.


 

