3. How does your company split ownership of devices such as the firewall between Se...

How does your company split ownership of devices such as the firewall between Security and Networking teams?

I have a security team. Here's how we do it (with the added requirement of SOX compliance):

Networking team - The network architect designs and lead implements all network infrastructure (campus, DC, and edge switching/routing, wireless, firewalls, remote access, etc). The network engineers subordinate to the architect manage the devices. Anything the network team changes anywhere requires informing security of the changes for review and possible approvals.

Security team - The security architects feed network security requirements that drive a lot of the configuration of security policies. The architects have read-only access to everything so they can review risk across devices. They cannot make changes though. A subordinate security infrastructure engineer will tweak changes as necessary and networking is an informed party during the changes. Security engineers have full admin access to security devices and nothing else. Large impacting changes require discussions between both teams and go through change control. Firewall requests get submitted through a ticketing portal with specific fields that have to be filled in. The security architect reviews the form and approves it for implementation by a security engineer, networking always being an informed party. The form is required by SOX to track changes to access control devices. Some companies outsource this function to comply with SOX if they lack an internal security team. They get dinged on a segregation of duties (SOD) failure if they don't do that. The only devices the security engineers can directly make changes to are security devices (firewalls, IDS/IPS, remote access, ACS/ISE, etc). They can't directly change security on anything except those devices.

There's also SOC (security operations center) which are low level administrators who review events and logs. We've outsourced this function to an MSS (managed security service) which has a direct linkage to our SIEM and manages that for us. It is cheaper to do that than employ the 2-4 bodies necessary to run an effective SOC.

/r/sysadmin Thread
Previous
Next

Recently removed from /r/sysadmin

I know of a crazy vulnerable Exchange server at my old work. What to do? Details inside. Intune Windows LAPS - Configuration Profile Applies Successfully, Yet Nothing Happens...Why? Woman starting in IT next month. Should I be worried or not? How to run a meaningful CyberSecurity Risk Workshop/Assesment Amazon Outage I don't know what I'm doing and I need help What's the point of using BitLocker with TPM instead of password when someone can always access your computer without entering a password on boot? How many of you despise IoT? Onboarding 1200 New Users - how to communicate passwords? Gen Z also doesn't understand desktops. after decades of boomers going "Y NO WORK U MAKE IT GO" it's really, really sad to think the new generation might do the same thing to all of us Modern SQL Express Backup Solution [GA] Employee claims she can't use Microsoft Windows for "Religious Reasons" So I got a "correctional talk" yesterday. Rant about new age "senior" IT "specialists" who don't know how to wipe their butt. Do you think remote work is slowly dying? Most companies seem to be pushing RTO, even big tech you folks think ?

More Random Comments

Unpopular opinion: grammar is fun Day 3, on the edge What records do you consider to be breakable? Young NJ poker player Unpopular Opinion Thread EXCLUSIVE: Sprint's 'failing' finances factor in T-Mobile's $26B tie-up Venezuelan military running over protesters in armored vehicles (NSFW/L) In honor of Despi What is a true fact that sounds like a conspiracy theory? [SERIOUS] What was something you saw you were definitely not supposed to see? Accidentally Pulled off a piece of the urinal, to reveal a note from someone else who also pulled off a piece of the urinal! The blog covers why “WE” don’t want a slider EU belittles U.S. claims as 'frankly childish' at WTO Airbus hearing (Spoilers Main) They only need three people, not three episodes, to deal with Cersei The King's Avatar Season 2 Concept Trailer《全职高手》动画第二季概念预告