The procedural aspects and work valorization of an IT Security Service, Advice needed

[Mohamed Aymen SAHLI <sahli.aymen () gmail com>]

Hi list,

I need pointing on an issue i have with my new job and I hope to find
some help hereby.

I am occupying an IT Security engineer position within a telecom
operator, this position, and the matter of fact the whole security
service, is considered to be purely belonging to the operations
department having its duties mainly focused on maintaining the
day-to-day supervision and administration of equipments and such like.

There are two issues I would like to have you advice on:

First, due to the fact that maintaining the smooth working of the IT
Systems do not have direct appreciable results intelligible by the
manager’s board, what mechanisms do you guys  use to valorize you work
so it don’t goes overlooked.

Secondly, as a direct result of considering the security as plus or
minus a hardware administration matter, there is almost no procedures
in place relating to security, change management/security issues
logging and analysis etc… hence my question, what framework would you
use to develop the procedural aspect of security and how would you
convince the managers board of its importance. Are there any examples
of documents relating to security incidents reporting, security
project achievement follow-up etc… I could base my work on? …

Looking forward to reading from you. All inputs are appreciated.

Best regards.