Developing an Enterprise Security Administration Team

Consider a new security manager at a large company with several divisions. Each division is responsible for its own profitability. Some divisions have a common, centralized help desk, and others have their own processes for security administration. This type of administration typically involves creating new computer accounts for employees and other users, granting employees access to the required resources, making changes to user accounts when employees move within the company, and revoking their access when they leave the company. This account creation and administration requires a high level of domain rights. However, the security manager feels that the company will benefit from a centralized set of security processes.

As a group, brainstorm and reach a consensus on how the security manager should consolidate security policies, processes, and administration across divisions. Your solution should address the following:

All divisions have to pay for their own services, yet they all share common IT infrastructure on a common network. Write a business case that justifies one set of security policies and administrative processes, which are enforced uniformly across the enterprise.- Zachary Since you came up with a business case, can you follow suit again.

Explain how you would distribute security administrators around the company. Indicate if you would centralize or decentralize administration, and explain how it can be beneficial to the company.

List three metrics that you would use to measure the effectiveness of central policies and the new administrative structure you suggest.

Some large companies have division security managers in addition to a single company Chief Information Security Officer (CISO). List the pros and cons of such a model.