Ask the Expert

Best practices for the roles of security personnel

I am wondering if there is a best practice when determining the right personnel for a security team.

I have four people on my team: an administrator, a medium-rate technician with no prior network experience, and two expert security engineers with extensive network background. When the security team was being formed, one network/security guru came with me. He was in charge of the firewall, so the responsibility for the firewall came over to me.

The network manager was never thrilled about this. He thought he should manage the network security. My team only manages the Internet firewall, IDS and cache server. His team manages routine network security. We set policy for everything, then the other tech groups manage that security by following our policy. Do best practice security shops include experts that manage the Internet security -- the firewall, IDS, Internet routers? I'm afraid that if I give the responsibility back to the network group, our two experts will lose the challenge of configuring and testing for new vulnerabilities, and my team will lose their effectiveness. My team sets policy for all facets of security, but manages the physical devices of Internet security. Their expertise has lent itself well to spill over to the other areas of security as well as create policy. One thought was to just send them to the network group with the responsibility. I find this a conflict of interest.



This is a tough question and is one that many organizations face. My opinion is that for a security group to be truly independent and effective, they need to be their own department, not a subnet of networking or systems administration. This helps provide an increased level of checks and balances, as well as a better ability to develop and implement a cohesive security infrastructure. I have not seen this in practice in many companies, though, other than the very large corporations.




This was first published in December 2002
