Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IT Security organizational structure

From: tony tony <tonytorri () yahoo com>
Date: Sat, 16 Oct 2004 21:21:09 -0700 (PDT)
Jason, 

The model that works the best (based upon my experience working for several
companies) is a centralized IT Security function that reports to the highest
person in the IT function (VP of Information Services, CIO, etc). 



--- Jason Chung-Tung <jason.chung-tung () rogers com> wrote:


Hi everyone -

I am interested to know how large enterprises are approaching security in 
their organizational structure. I have seen several models so far. One model 
consists of having a centralized group (IT Security group) which owns its 
own technical resources (i.e. network, systems, servers, application, 
physical, human resources, etc.). These resources have the dedicated 
responsibility to develop policies, standards, guidelines and procedures, as 
well as, define architectural designs.  However, it is not always practical 
is large organizations, as the resources may be under-utilized.

On the other hand, I have also seen organization charts which distribute the 
security function across all departmental domains. For example, the Network 
Engineering and Planning dept would have dedicated resources to look after 
policies, standards, guidelines and procedures, as well as, define 
architectural designs. The IT operations group would have dedicated 
resources to provide the following functions: implementation, management, 
monitoring, and maintenance.

Can anyone point me in the right direction where I can find a detailed 
analysis of the pros and cons of doing business in each way? Is there any 
study done by research organizations (like Gartner Group) on this subject? 
How is it handled in your organization?

Thanks in advance for your insight.

Jason.





=====
Tony T. CISSP, CISA, CDP, CIA
Senior IS Security & Risk Manager
360.906.7893 (Work)
Northern Telecom LLP


                
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: