Re: Should Security Team Be Split?
From: Aaron Maynard (fastturtle@adelphia.net)
Date: 08/24/02
- Previous message: Michael Orion Jackson: "Re: Need OSs for home lab"
- In reply to: A. Bluecoat: "Should Security Team Be Split?"
- Next in thread: Martin, James E.: "RE: Should Security Team Be Split?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Aaron Maynard" <fastturtle@adelphia.net>
To: "Security Basics" <security-basics@securityfocus.com>
Date: Fri, 23 Aug 2002 19:53:02 -0700
----- Original Message -----
From: "A. Bluecoat" <abluecoat@hotmail.com>
To: <security-basics@securityfocus.com>
Sent: Friday, August 23, 2002 10:34 AM
Subject: Should Security Team Be Split?
> Hi all,
>
> My company is thinking about splitting up the security team along the lines
> of Plan, Build, and Run. Planning being crystal ball stuff and oversight of
> security architecture. Build is the implementation of projects and Run is
> the actual day-to-day maintenance. We would all report to different bosses.
> Any thoughts on this? Our thinking is we should stay together as a team.
> The lines between Build and Run blend in so many areas. There is also
> knowledge transfer and the general sense that we are all on the same page.
> Appreciate your input. Thanks.

My thoughts: it sounds as though your company wants to begin creating a
security auditing department. They could be tasked with a variety of
responsibilities, such as QC and QA for any new security software. An
internal auditing department that is not responsible for the development of
an application would be a very sensible split, because they would have the
responsibility of ensuring compliance before release.

As far as the transfer of ideas and knowledge, properly implemented, it
would actually increase due to the simple fact that not everyone will be
defending their coding. One thing I would suggest is a rotation schedule of
two years for the purpose of increasing internal skills, and ensuring the
development of new products and solutions, especially since skills grow
rusty very quickly if they are not constantly challenged.

The daily run department would actually be wise, since your company could
transfer the normal operation over to the regular IT department. In-house,
this could be critical since any bugs and design errors could then be found
by internal real-world testing, especially if there is dedicated hardware
for the sole purpose of testing. The run staff would then have the
opportunity to become experienced with technical support issues, and what
they learn can be implemented into the application documentation, and with
feedback to the QC/QA team, could improve the product.