Q

Handling vulnerability assessment activities

Our security management expert discusses the importance of having a security team that handles vulnerability assessments within in your organization and outlines functions and tasks each division should be responsible for.

Should vulnerability assessment activities fall under the compliance key control or system development and maintenance control?

The best structure for most organizations is to have a security team responsible for carrying out vulnerability

assessments. This team is usually led by a security administrator and is overseen by a CISO or CSO. Ideally, the IT operations and network group maintains the systems and the network, and a separate security team -- even if it's just one person -- assigns permission rights, configures security products, reviews logs for security incidents and carries out vulnerability assessments. These groups should be separate because each has a different focus. The network group needs to focus on time and availability. If a system goes down or network connectivity is lost, the network group will be on the hot seat. The security team has the focus of securing the environment.

If security and network responsibilities fall within one group, let's say the IT group, and it is not segregated, usually there isn't enough focus on security. To avoid any conflicts of interest, it is important that the security administrator does not report to the network administrator. The security administrator should report to the CSO and the network admin should report to the CIO. While many organizations aren't large enough or security mature enough to support this structure, it is the best one to work towards.

This was first published in December 2005

Dig deeper on Security Awareness Training and Internal Threats-Information

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close