Security Basics mailing list archives
Re: Re: When IT Manager breaks rules
From: danogh () gmail com
Date: 23 May 2007 04:00:56 -0000
It is important that your security processes haven't just come out of a vacuum - even a well informed vacuum. At the very least you need management support for the basic principle "this is how new user accounts are created" and that usually comes from apprising them of the threats and risks before putting the policy in place. Part of the supported policy would, of course, include the scope for monitoring and incident response that would allow you some latitude to deal with critical incidents without going through management approval processes. I would vary the previous poster's comment to say that if you are the security dude working in an environment where there is no timely way for you to get management support for security policy, get out quick. A security professional has no leverage if they do not have the clear and unambiguous support of the people responsible for accepting security risk for the organisation, and part of maintaining that support is not ambushing them with policy - and if you don't have support for the policy you know you are going to have Buckley's chance of getting anywhere with enforcement.