Security Basics mailing list archives
Re: Security Approval Process
From: tony tony <tonytorri () yahoo com>
Date: Thu, 27 Mar 2003 09:39:44 -0800 (PST)
Debbie, It is very important that you are not the only person approving security changes. The network and firewall people should also approve and signoff on all changes. You need to make sure that eveyone knows that you are not the owner of *security*..the user/network/administrators are. Be carefull, because if your network get broke into and you were the only person that approved the change..guess whose head is on the chopping block.
Hi, I currently approve of all production changes to our firewalls (internet and dmz) and also approve all VPN request for for external companies that want access into our network. We have 12 firewalls and about 700 production servers (Unix and Windows). This is my question: Do you do this as part of your job? I have no clue if this a normal task done by other security professionals. What are the pro's and con's of doing this.
===== Tony Torri CISSP, CISA, CDP, CIA Senior IS Security & Risk Manager 360.906.7893 (Work) Northern Telecom LLP __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1
Current thread:
- Security Approval Process Debbie Torri (Mar 26)
- Managing Multiple OpenBSD-IP Filter firewalls Tim Heagarty (Mar 27)
- Re: Managing Multiple OpenBSD-IP Filter firewalls Brian Shaw (Mar 28)
- Re: Managing Multiple OpenBSD-IP Filter firewalls Ned Fleming (Mar 29)
- Re: Managing Multiple OpenBSD-IP Filter firewalls Brian Shaw (Mar 28)
- Re: Security Approval Process James Taylor (Mar 27)
- Re: Security Approval Process tony tony (Mar 28)
- <Possible follow-ups>
- Re: Security Approval Process JohnNicholson (Mar 27)
- Re: Security Approval Process securityfocus (Mar 28)
- Managing Multiple OpenBSD-IP Filter firewalls Tim Heagarty (Mar 27)