Solved

Security

Posted on 2002-03-10
10
188 Views
Last Modified: 2010-04-11

 Hi expsrts,

  I need your opinion in this question :-

  Do you think that IT Security Department can be   considered as either a part of the Corporate IT support department or as part of the Corporate Security department? and why ? please justify your chosen line ?
0
Comment
Question by:saeeddxb
10 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6855624
It would depend on the business model.  The particular expertise required for IT security is most offt4en found in or related to IT, but security is a defense in depth concept that also requires physical security.  As a general rule I would say that it should be under IT with stronger connections to corporate security.
0
 

Author Comment

by:saeeddxb
ID: 6856041

 what do you mean with business model ? for example im
 an IT manager of a company of 2000 employee and for a budget reason you have been asked to consider the above question ?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6856969
For most companies up to a certain size, they may not have a well defined coporate security department, but almost all will have an IT department.  Therefore IT security fits well into IT in that business model.  Larger comapnies are more granular in their model and may have the resources to separate out this function.
0
 
LVL 24

Accepted Solution

by:
SunBow earned 100 total points
ID: 6861718
> IT Security Department can be considered as either a part of the Corporate IT support department or as part of the Corporate Security department?

No. No choice. It is first one, period.

> and why ?

This "Corporate Security department" is title for building security, guard at door, having employees wear badges, rules like that, even parking regultions and which doors can be used for coming and going, and what you can physically take in or out of a building or room. This is not what I call IT, also there'd be some overlap for situations involving employee badges that can also permit electronic access to rooms or computers.

> IT Security ...in... IT support

If no better reason here, These both have acronymn "IT"

Similar answer if acronymn is "IS"

These involve corporate information and how it is maintained electronically. The building people can use keys, sheets of paper and pen, do not need electronics. IS and IT can live without keys, or pens, but need the electronics for their tasks concerning corporate information.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6861727
> For most companies up to a certain size,

yeah, in a big building, small company may have no choice on building security. But have the choice for their IT staff functions.

This could be farmed out, hiring contractor or consultants to run, but it remains same kind of function, using the electronics.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 24

Expert Comment

by:SunBow
ID: 6861752
> under IT with stronger connections to corporate security

I think this has changed, if for no other reason than worms, outlook, and firewalling. It used to be that any corporate security job was just making rules and delivering sheets of paper saying "obey rules".

But now, you really have to have a much better grasp on IT in order to understand how to make up rules, and which ones should be more prioritised.

For example, some old 'rules' would go simply "no personal email", "do not surf internet", very impersonal and impractical.

Now, they may need to learn forensics, or how to use computer-enabled tools to make discoveries.

So a more interesting question could be, how closely they are getting related to Network Administration these days.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6861764
A number of Fortune 500 companies rely on the (ISC)2 model for Information Security.  This model specifies that physical access is a strong requirement for IS.  It also specifies that process and human factors contribute IS breach.  To that end, they have consolidated their security.

Is the technology different , yes.  Is the point different, no.  The point is to preserve intellectual property and commany assets.  
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6865907
I'm not sure if this helps your situation, but I concur with geoffryn concerning inattentiveness to internal physical security. While a virus or worm gets headliner, substantial and perhaps more abuse can arise from disgruntled employees, or simply, from being too lax. Physical access (to buildings, to rooms, to keyboards) is among the more difficult to defend, and must be coordinated in effort with all others that are involved in aspects of security.

How to do that, remains open question, at least in USA I see they are making more and more agencies for something 'security'. I am supposing they are refining the how-to.
0
 
LVL 3

Expert Comment

by:FlamingSword
ID: 6866434
IT is IS is IT is.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6869976
Thanx, &
Good Fortune!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

29 Experts available now in Live!

Get 1:1 Help Now