Re: CISO/Security Team roles and functions

[HITESH PATEL <hitesh50 () yahoo com>]

Operational Security under Head of IT-Operations does make sense in order to provide efficiency in timely manner. 
Head of IT-Operations can have Operational Security under him as long as there is Oversight team from INFOSEC looking 
into the work (or alteast on the approval chain of Firewall changes)

----- Original Message ----
From: soul <soul1273 () yahoo fr>
To: security-basics () securityfocus com
Sent: Monday, February 4, 2008 7:21:21 AM
Subject: CISO/Security Team roles and functions


Hi 
All,
In 
my 
organization, 
the 
IT 
security 
Team 
is 
in 
charge 
of 
risk 
management, 
security 
policies, 
and 
administration/management 
of 
access, 
rights 
and 
authorization 
for 
in 
some 
applications 
(SAP, 
SWIFT,...)and 
Firewals 
administration 
for 
traffic 
authorization 
on 
the 
network. 
But 
the 
new 
network 
division 
chief 
said 
that 
the 
security 
team 
should 
only 
provide 
security 
policies 
but 
not 
firewalls 
administration. 
He 
want 
the 
network 
team 
be 
in 
charge 
of 
the 
Firewalls 
administration. 
He 
said 
firewalls 
administration 
is 
operational 
security 
and 
should 
be 
perform 
by 
network 
team. 
But, 
I 
respond 
to 
him 
that 
there 
is 
need 
of 
segregation 
of 
duties 
and 
responsibilities. 
the 
Firewalls 
are 
installed 
by 
Network 
team 
but 
the 
administration 
of 
firewalls 
is 
perform 
by 
IT 
Security 
team 
like 
for 
the 
applications.

What 
can 
or 
should 
be 
the 
roles 
and 
functions 
of 
a 
security 
team 
in 
an 
organization?
There 
is 
a 
confusion 
concerning 
some 
terminologies: 
OPERATIONAL 
SECURTY, 
SECURTY 
ADMINISTRATION,....

thank 
you.


  
  
  
_____________________________________________________________________________ 
Ne 
gardez 
plus 
qu'une 
seule 
adresse 
mail 
! 
Copiez 
vos 
mails 
vers 
Yahoo! 
Mail 
http://mail.yahoo.fr