A few weeks back, I posted about what a security admin / manager should do to sell security to the execs and the general user populace at his or her organization. It contained no technical advice. Basically, it said to be social and was meant to be a first step in getting the people to know you so you can start down the path of security acceptance.

Once those execs know who you are, what’s next? This is where it gets real, folks. You actually have to define your job. Not just DO your job, but actually sit down in front of your laptop, desktop, writing pad, whatever, and get a solid idea of what you do. I am not talking about a job description. I am talking about the tasks you work on daily and weekly and monthly and so on. Tasks you have to perform to make your network secure and your information safe.

Make out your list ASAP. It will help you get organized. Then, print it out and slip it under your boss’s door. Maybe it will wake someone up (or it might just piss ‘em off – either one is OK).

Now I have to admit that it is often difficult to get started on a list like this. There are so many things that you do that it seems like it would be simple to put it down. But it sometimes is just not that easy. So, here’s a sample of what you might have to do as a security person. It won’t apply to everyone, of course, and I have also included some network admin and engineering tasks that many security people won’t do. It is definitely not exhaustive. But for those busy security admins who do double duty on the network, some of these might apply. Hope it helps. Feel free to comment and add more.

IPS Maintenance
Firmware Upgrades
Signature Updates
Tuning
Reporting

IDS Maintenance
Firmware Upgrades
Signature Updates
Tuning

SIM / SEM Maintenance
Firmware Upgrades
Tuning
Alert setup
Reporting

Email Gateway Maintenance
Firmware Upgrades
Regular Expression Maintenance
Delivering blocked emails
Reviewing message logs for false positives and false negatives (tuning)
Checking forums for new spam / viruses that require expressions for filtering
Maintaining blocked extension database
Reporting

Corporate Firewall Maintenance
Firmware Upgrades
Policy setup
VPN setup and maintenance
User access setup
Rule auditing
Reporting

Remote Firewall Maintenance
Firmware Upgrades
Policy setup
VPN setup and maintenance
User access setup
Rule auditing
Reporting

Router and Switch Maintenance
Firmware Upgrades
Access maintenance
VLAN Maintenance

Servers
DNS Maintenance
DHCP Maintenance

Network Monitoring
Baseline configuration
Threshold alert setup

General Security
Password Auditing
Vulnerability Scanning
Rogue device scanning
Wireless device scanning

Telecommunications
DNS Maintenance
Router maintenance

Internet
Domain Maintenance

Extranet Maintenance
Firmware Upgrades
Group and User maintenance
Rules maintenance

Documentation
IP address list (public and private)
Network and security infrastructure drawings
Update acceptable use policies
Update security awareness presentation
Update DR policies and procedures
Update HIPAA policies and procedures

Training
Orientation
Security Awareness

Vet