I am not sure that there is that much of a difference between your two
approaches, except of course when it comes time to make the bus
cards/letterheads etc. I don't think it is possible to completely
separate the security aspects from the `running of things'. In order
to do either you must understand (to some degree) both. If you were to
completely separate the security aspects from the ordinary `running of
things' you would either need to duplicate the knowledge base in both
departments (an expensive proposition) OR you would need people to
cooperate closely on what they do.
Whether you call this two depts or one is a matter for Administration
but in the end, I think you would find that they must work as one unit
(dare I say Information Technology Services?) or you will find that
you are working at cross purposes. The security folks would find
themselves undoing the work that the `ordinary' folks are doing and
vice-versa. So, I guess I am saying:
3) all departments have security professionals that work
closely with each other AND with the `ordinary' people. Together they
form a coherent security plan that works for all of the individual
aspects of IT.
Make sense or is this just a cop out?
cheers, kinch
On Thu, 14 Nov 1996, Alain Zarinelli wrote:
> Hi all,
> I have a question concerning the "usual" structure of IT departments in
> bigger organizations:
> 1) Information security is split up between several different
> departments: Database administration does database security, Network
> services does network security, Computing services does host security on
> their systems...
> 2) There is ONE department, let's call it "InforSec Dept." that is in
> charge of ALL the information security aspects for the different
> "sections", i.e.e.g. THEY control host security, database security and
> network security. Of course, there are still Database administration,
> Network services and Computing services departments, but those are
> merely responsible for "running" the things.
>
> What is more likely to be the structure in bigger organizations? What is
> the opinion of the audience on the 2 "scenarios" above --
> advantages/disadvantages and the like...
>
> Thanks for your thoughts. Alain.
>