Security Planning Team Members
Who performs the security
analysis, recommends a security program, and writes the security plan? As with
any such comprehensive task, these activities are likely to be performed by a
committee that represents all the interests involved. The size of the committee
depends on the size and complexity of the computing organization and the degree
of its commitment to security. Organizational behavior studies suggest that the
optimum size for a working committee is between five and nine members.
Sometimes a larger committee may serve as an oversight body to review and
comment on the products of a smaller working committee. Alternatively, a large
committee might designate subcommittees to address various sections of the
plan.
The membership of a computer
security planning team must somehow relate to the different aspects of computer
security described in this book. Security in operating systems and networks
requires the cooperation of the systems administration staff. Program security
measures can be understood and recommended by applications programmers.
Physical security controls are implemented by those responsible for general
physical security, both against human attacks and natural disasters. Finally,
because controls affect system users, the plan should incorporate users' views,
especially with regard to usability and the general desirability of controls.
Thus, no matter how it is
organized, a security planning team should represent each of the following
groups.
computer hardware group
system administrators
systems programmers
applications programmers
data entry personnel
physical security personnel
representative users
In some cases, a group can be
adequately represented by someone who is consulted at appropriate times, rather
than by enlisting a committee member from each possible constituency.