Firewall Wizards mailing list archives
Re: Role of a Security Administrator
From: Harris Raymond D JR Civ AFAA/MSI <Raymond.Harris () wpafb af mil>
Date: Tue, 9 Jan 2001 13:39:27 -0500
Maddy (<mwlalex () magix com sg>), You wrote:
1. creating security policies, standards and guidelines 2. administering user and resource controls 3. ensuring security compliance 1. Is it practical for the same group to perform task (2) and (3) ? 2. Some said task (3) belongs to audit group but from my discussion with my audit folks, they are interested only mainly in accountabilities and controls (and proper procedures), they do not perform micro-analysis of systems and networks to ensure security compliance. Are they telling the right things ?
The answer will depend upon who will be the customer. The head of the IS group? or the CEO? Any organization can have people within the same group who 'check' to ensure workers are complying with policies. The problem comes with the issue of independence. The IS group may well want to have someone check the work of the system administrators, and perhaps at a very technical level. The auditors are going to be more concerned with ensuring that internal controls are in place to ensure policies are implemented. One such internal control might be a 'self-inspection' by the IS group. Stated another way, the audit function would check whether the IS group has procedures in place to find and mitigate vulnerabilities. It is the IS groups function to actually do the 'find and fix' I hope this helps, Ray Harris _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Role of a Security Administrator, (continued)
- Re: Role of a Security Administrator Webmaster (Jan 08)
- Re: Role of a Security Administrator Magosányi Árpád (Jan 08)
- FW-1 and RPC with MSDTC Javier Megias (Jan 10)
- Re: FW-1 and RPC with MSDTC Michael Nelson (Jan 11)
- Re: FW-1 and RPC with MSDTC Darren Reed (Jan 12)
- RE: FW-1 and RPC with MSDTC Andrew Helm-Cowley (Jan 12)
- Re: FW-1 and RPC with MSDTC Darren Reed (Jan 12)
- Re: FW-1 and RPC with MSDTC Michael Nelson (Jan 15)
- Re: FW-1 and RPC with MSDTC Michael Nelson (Jan 15)
- FW-1 and RPC with MSDTC Javier Megias (Jan 10)