Firewall Wizards mailing list archives
Role of a Security Administrator
From: Maddy <mwlalex () magix com sg>
Date: Sun, 07 Jan 2001 02:42:44 +0800
I read an article some time ago (sorry I can't remember the source at the moment) that the line between the roles of a security administrator and a system administrator is becoming blurred. Due to the nature of both jobs requiring either a superuser ID (UNIX) or administrator rights (NT), segregating both roles is getting increasingly difficult. For those who had read my other thread on VAJ, you would see an example of what I am raising over here. Would anyone want to share his/her views on this?

My second point of discussion is on the tasks of an information security group. I think the popular tasks involve

1. creating security policies, standards and guidelines
2. administering user and resource controls
3. ensuring security compliance
...etc

Currently I am trying to fine-tune the role of an information security (IS) group and I wonder if anyone could share with me what the industry practice is. My questions are

1. Is it practical for the same group to perform tasks (2) and (3)? Aren't they conflicting?

2. Some said task (3) belongs to the audit group, but from my discussion with my audit folks, they are interested mainly in accountabilities and controls (and proper procedures); they do not perform micro-analysis of systems and networks to ensure security compliance. Are they telling the right things?

3. I am thinking of splitting the IS group into 2 teams, a security implementation team and a policy & compliance team. However, a recent assessment by a contracted consultant recommends that there will be a conflict of interest in the IS group performing both implementation and compliance verification tasks. I see that compliance verification ensures the quality of the implementation and there is no conflict. What do you guys think?

4. Another possibility would be to move the security implementation responsibilities to the system administrators, and the IS group would concentrate only on policies and compliance tasks. Is this a common practice?
I am sorry for the long mail but the answer to this cannot be found in any textbooks. :=) I don't have much choice other than to resort to expert opinions on this. My most sincere appreciation to anybody who can contribute to this.

TIA

Rgds
Maddy