http://blogs.technet.com/steriley/archive/2008/02/07/who-should-do-your-security-audits-or-how-do-you-organize-the-security-department.aspxAn interesting question came up today. The group responsible for configuring and maintaining the firewalls at a customer also believes that they should be the only ones to audit their configurations. Others in the security department are uneasy with this,en-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/steriley/archive/2008/02/07/who-should-do-your-security-audits-or-how-do-you-organize-the-security-department.aspx#2866274Mon, 11 Feb 2008 06:54:05 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2866274Shoaib Yousuf<p>Hi Steve,</p> <p>The security standards group defines an organization’s security architecture and they will only be able to do it when they will understand the needs and drivers of the various business units. So, there shouldn’t be conflict between standards/alignment roles or you can say both roles are similar.</p> <p>I agree and liked your explanation on operations/auditing though….But, if auditors perform their task as you have defined then there will be no conflict in these two roles either…</p> <p>According to me it should be like this:</p> <p>Security Risk Management</p> <p>Security Alignment / standards</p> <p>Security Operations</p> <p>Security Auditing</p> <p>The reason why I have put standards after alignment is after understanding the needs and drivers of the various business units through risk management they will be able to work on standards which will later help security operations. In the end good auditing can help to ensure all policies are used appropriately.</p> <p>Cheers</p> <p>Shoaib</p> http://blogs.technet.com/steriley/archive/2008/02/07/who-should-do-your-security-audits-or-how-do-you-organize-the-security-department.aspx#2898678Sat, 16 Feb 2008 15:55:39 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2898678antivirus<p>Thank You For Sharin very inforamtive materials with us</p>