The best method of getting more funds for IT security is to get other sections
of your organization involved so that many issues become their interests and you
get more advocates. For example, getting HR involved in security education so it
becomes important to them helps you get many of the tools that are recommended
by the courses. Similarly, your corporate audit group should be doing the
security audit, not the IT security group. If your legal and finance sections
are on your side, then you will get much more support.
-----Original Message-----
From: CISSP-Discuss@yahoogroups.com [mailto:CISSP-Discuss@yahoogroups.com] On
Behalf Of BolenJeff
Sent: Monday, December 19, 2005 1:51 PM
To: CISSP-Discuss@yahoogroups.com
Subject: [CISSP-D] help-need your opinions
I am having trouble getting the security tasks completed that I need to do in my
organization because of no staffing. I am an army of 1 in a local county
government that has over 1,200 users, 100 servers, and approx 65 different
locations. I have asked repeatedly for the last 2 years for staff to do the
duties that I don 't have the time to do completely. I have an opportunity to
maybe acquire 1 person.
Here is my question; For those of you that work in a government organization,
how is your organization, your staffing organized? Reporting structure etc. What
duties are the security people doing? How is auditing handled?
I sent this to the group because I value your responses, and I know there is a
lot of good experience out there.
Thanks for your responses in advance.
Jeff Bolen CISSP CHSP NSA-IAM/IEM
jabolen@gmail.com <mailto:jabolen@gmail.com>
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
<*> To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
