Re: Getting security back from the sys admin



Hi,

Does the security team have operational responsibility or only
control/audit responsibility?
I have known the same situation and I think everybody is a winner if
the two teams work together.
You will always need the expertise of the system guys in systems and
security applications.
And they need the help of the security team for the things for which
they don't have the time: security surveys, audit and risk analysis
methods, etc.
A good thing to know in order to keep good relations is to not
underestimate their skills and to understand the production constraints.

An example:
you have to install a security audit tool to produce reports about the
security level of the systems they manage. Instead of just installing it
and making a report that is very red because of a lot of security
weaknesses, give them the reference framework with which this tool
works (like CIS security), so they can make an effort to increase the
systems' security level before the reports.
That is good because the two teams have the same aim: increase security.
Anyway, the reports will show some weaknesses because of lack of time or
other reasons.

Another argument is to justify budgets to management (it is easier
when two different teams agree that an IDS is necessary).

In short: be diplomatic and work together; the knowledge and
productivity of everybody will be better.

Hope this helps,

Franck

PS: sorry for my bad English ;-)


