Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Network Engineer vs. Network Security Engineer (UNCLASSIFIED)

From: "Natividad, Victor E Mr CTR USA" <victor.natividad () us army mil>
Date: Mon, 11 Jan 2010 11:51:42 -0500
Classification:  UNCLASSIFIED 
Caveats: NONE

Use regulations to your advantage.  Security best business practice dictates segregation of duties and transparency as 
a way to expose any possibility of collusion.  Segregation of duty is age old.  That is why Accounts Payable is 
separate department from Accounts Receivable.  No one should have unfettered access to everything.   Transparency is 
what made our country so strong.  We know about corruptions and wrong policy decisions because our society is open.  
CISA calls this segregation of duties.  If you demand transparency, the regulations for your organization might back 
you up but you have to do your research.  Keep in mind that this is contentions and could turn into a pissing contest.  
You have to be prepared for that and not take anything personal.  After all, this is just business (Security Business). 
 

Respectfully,
 
Vic Elijah A. Natividad
Senior Informaton Assurance Administrator
Chugach Industries, Inc
Ofc, 973-724-3409
FAX, 973-724-3677
DSN 312-880-3409
victor.natividad () us army mil
vic.a.natividad () us army smil mil
IA Commercial Hotline: 973-724-9200
IA DSN Hotline: 880-9200
CLASSIFICATION: UNCLASSIFIED
CAVEATS: NONE


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Johnathan
Sent: Saturday, January 09, 2010 12:04 PM
To: security-basics () securityfocus com
Subject: Network Engineer vs. Network Security Engineer

Hello List,

I am Security Engineer/Analyst at a company who is currently building their security program and have run into a issue 
on defining a Network Security Engineer's roles and duties versus a Network Engineer (on the LAN/WAN side) and where a 
line is drawn and what should overlap.

This subject came about when I requested access to our Cisco IPS, IDS and ASAs. The senior engineer (who, by the way, 
is the only person who has full access to all of our Cisco routers, switches, IPS, IDS, ASAs, etc.) within my company 
fought to disallow my access.

We have Cisco MARS implemented, and I am the primary manager of that device and require access to our Cisco security 
devices (IPS, IDS, etc.) to sufficiently tune and update the appliance.

Was I and am I wrong for requesting access and wanting it? Where should the line be drawn as far as duties and roles? 
Not just for Cisco security devices but on an enterprise wide scale.

I would really appreciate any responses to this.

Than You. 

----
Johnathan

Sent via BlackBerry by AT&T
Classification:  UNCLASSIFIED 
Caveats: NONE


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: