RE: Segregation of Development and Production Networks

["David Gillett" <gillettdavid () fhda edu>]

  I wish I could point you to a referencable source, but
perhaps my comment can help point you in an additional 
direction to look....

  Best practices dictate that production operations fall 
under the company Operations structure which, if not a
separate division in its own right, is part of the finance
and accounting organization.  Development is usually part
of an Engineering structure.  COO versus CTO.
  This seems to be the only way to give production operations
the necessary authority to reject stuff out of engineering
that isn't quite "ready for prime time".

David Gillett


> -----Original Message-----
> From: WhtWlf2001 [mailto:whtwlf2001 () yahoo com]
> Sent: October 2, 2003 05:02
> To: security-basics () securityfocus com
> Subject: Segregation of Development and Production Networks
>
>
> All,
>
> I'm hoping individuals on the list here can point me towards 
> referenceable resources of
> information that describe the risks associated with not 
> segregating Development and Production
> networks. Anectodal information is great but I really need 
> referenceable information.
>
> I've conveyed the risk information to the organization and at 
> a high level tried to get them to
> understand this is a best/leading practice principal to 
> (among other things) ensure a development
> bug/process does not interfere/interact with the production 
> environment.
>
> I'm getting increasing pressure to provide reference material 
> to back up this position but came up
> empty in a recent google search.
>
> Thanks in advance for your help.
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------