I am wondering if there is a best practice when determining the right personnel for a security team.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
I have four people on my team: an administrator, a medium-rate technician with no prior network experience, and two expert security engineers with extensive network background. When the security team was being formed, one network/security guru came with me. He was in charge of the firewall, so the responsibility for the firewall came over to me.
The network manager was never thrilled about this. He thought he should manage the network security. My team only manages the Internet firewall, IDS and cache server. His team manages routine network security. We set policy for everything, then the other tech groups manage that security by following our policy. Do best practice security shops include experts that manage the Internet security -- the firewall, IDS, Internet routers? I'm afraid that if I give the responsibility back to the network group, our two experts will lose the challenge of configuring and testing for new vulnerabilities, and my team will lose their effectiveness. My team sets policy for all facets of security, but manages the physical devices of Internet security. Their expertise has lent itself well to spill over to the other areas of security as well as create policy. One thought was to just send them to the network group with the responsibility. I find this a conflict of interest.
This is a tough question and is one that many organizations face. My opinion is that for a security group to be truly independent and effective, they need to be their own department, not a subnet of networking or systems administration. This helps provide an increased level of checks and balances, as well as a better ability to develop and implement a cohesive security infrastructure. I have not seen this in practice in many companies, though, other than the very large corporations.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Separating the roles of computer operator and systems administrator
Best Web Links: Security Management
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.