The roles and responsibilities that should be established for network security management are as
follows. (Depending on the size of the organization, these roles may be combined.)
Senior management:
— define the organization's security objectives,
— initiate, approve, publish, and impose the organization's security policy, procedures and rules,
— initiate, approve, publish, and impose the organization's acceptable usage policy,
— ensure security and acceptable usage policies are enforced,
Network management:
— develop detailed network security policy,
— implement the network security policy,
— implement the acceptable usage policy,
— manage the interface with external stakeholders / external service providers to ensure conformance with
internal and external network security policies,
Network Security team:
— acquire, develop, test, check and maintain security components and tools,
— maintain security tools and components to follow closely the evolution of threats (e.g. updating virus
signature files),
— update security-relevant configurations (e.g. access control lists) according to changing business needs,
Network administrators:
— install, update, use and protect network security services and components,
— carry out the necessary daily tasks to apply the security specifications, rules, and parameters required by
the security policies in force,
— take appropriate measures to assure the protection of network security components (e.g. back-ups,
monitoring network activity, responding to security incidents or alarms, etc.),
Network users:
— communicate their security requirements,
— comply with corporate security policy,
— comply with corporate acceptable usage policies for network resources,
— report network security incidents,
— provide feedback on network security effectiveness,
Auditors (internal and/or external):
— review and audit (e.g. periodically test the effectiveness of network security),
— check compliance of systems with network security policy,
— check and test compatibility of operating security rules with the current business requirements and legal
restrictions (e.g. lists granted for network accesses).