Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security Approval Process

From: tony tony <tonytorri () yahoo com>
Date: Thu, 27 Mar 2003 09:39:44 -0800 (PST)
Debbie,

It is very important that you are not the only person approving security
changes.  The network and firewall people should also approve and signoff on
all changes.  You need to make sure that eveyone knows that you are not the
owner of *security*..the user/network/administrators are.  Be carefull, because
if your network get broke into and you were the only person that approved the
change..guess whose head is on the chopping block.




Hi, 

I currently approve of all production changes to our firewalls (internet and
dmz) and also approve all VPN request for for external companies that want
access into our network. We have 12 firewalls and about 700 production
servers (Unix and Windows).  

This is my question: Do you do this as part of your job?  I have no clue if
this a normal task done by other security professionals. What are the pro's
and con's of doing this. 



=====
Tony Torri CISSP, CISA, CDP, CIA
Senior IS Security & Risk Manager
360.906.7893 (Work)
Northern Telecom LLP

__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com

-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1
Previous By Date Next
Previous By Thread Next

Current thread: