
	Home > Ask the Security Experts > Expert Archive: Security Management Questions & Answers > How to manage a total security package

Ask The Security Expert: Questions & Answers

EMAIL THIS

How to manage a total security package

EXPERT RESPONSE FROM: Shon Harris

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 20 February 2006
I'm a systems engineer and am interested in moving to infosec. Ideally, I would like to be part of a group involved in managing a total security package or one that deals with all aspects of this field. Does this position exist, or is it typically broken up into different technology-based areas such as network, ID, application, etc?

EXPERT RESPONSE

While I am not 100% clear you what are referring to when you state, "managing a total security package," but these positions do exist.

A CISO or CSO has to "manage a total security package" within an organization, which includes technology, policies and procedures, personnel, business processes and more. A person who will effectively fulfill one of these roles has to be extremely well-rounded in all aspects of security and motivated to continually learn and be challenged.

Since you are a systems engineer, you may be referring to a "total security package" as a holistic technical security environment. This environment would consist of access control technologies, firewalls, IDS /IPS, antivirus and more. A security administrator would be responsible for managing this type of environment, which to be clear, is different than a network administrator. A security administrator is more concerned with who is accessing company assets and what they are allowed to do with those assets. On the other hand a network administrator is responsible for monitoring the availability of the network -- the nodes and devices that make up the network -- and has to ensure that it is always up and running and performing properly.

While the security team can be made up of individuals who specialize in specific technologies and applications, the security administrator has to understand all of them, and has to ensure that they all work together in a synergist manner.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Network Access Control Basics
	Learn how to choose NAC services
	Exploring Microsoft's Network Access Protection policy options
	Companies Finding a Place for Maturing NAC Projects
	Sophos finds patching issues through endpoint NAC tool
	Forrester: NAC ready for wider deployments
	Which is a more secure data access technology: SPAN or TAP?
	Quiz: Using NAC to create a strong endpoint security strategy
	Phased NAC deployment for compliance and policy enforcement
	What should an internal support model for identity management look like?
	Security Wire Weekly: Sizing up the NAC market

Creating and Managing Information Security Policies

Learning the language of global compliance

IT security pros face challenge during economic crisis

Interview: Chris Nickerson of TruTV's 'Tiger Team'

IT security not valued at many firms, study finds

What value do research firms provide to enterprises that subscribe to their services?

Sound compliance policies, practices reduce legal costs

Exploring Microsoft's Network Access Protection policy options

IAM best practices for employees with varying degrees of access to the same computer

How to avoid DLP implementation pitfalls

Is there a published standard or guideline for system hardening?

Creating and Managing Information Security Policies Research

Expert Archive: Security Management

How should information security and networking groups coordinate firewall management?

How is ISO 17799 different from SAS 70?

How can a call center achieve compliance with ISO 27001?

How should a company's security program define roles and responsibilities?

How to get executive management interested in an information security program

How can IT professionals bring security concerns to senior management?

Should a single security officer control both physical security and information security operations?

Should an organization centralize its information security division?

How to create guidelines for using removable storage devices

How can I attain CISSP credentials?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Kerberos (SearchSecurity.com)

masquerade (SearchSecurity.com)

phreak (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy