This is always a tough question to answer, since defining an Information
Security department depends on your organization business structure and
where an organization falls into the C- Confidentiality, I - Integrity, A -
Availability. If the organization somewhat is positioned to concentrate
more on Confidentiality, Integrity, then forming a InfoSec department full
of policy/procedure people one will somewhat suited for that environment
and a have one or two people as Security admins.
If you find someone, you will probably find out there are usually 3 types
of InfoSec folks : (gender slanted)
1. Gothic - long hair, spiked, hair, earrings, body piercings, black finger
nail polish, will probably self-combust if exposed to Direct Sunlight
2. Giant - looks like the guy from Jurassic Park I, messy, looks like
they just ate 3 entire food rows of a Safeway/Giant supermarket
3. Eccentric - normal looking, well sometimes, likes to wear white ninja
outfits on occassion, has a fetish for very expensive custom-made cowboy
boots, drives custom harleys, has a personal arsenal of firepower that the
Iraqis drool only wish they could afford.
4. Mixture - mix and match, but if you meet someone who is normal looking
they probably have some velcro gloves somewhere in their bag of tricks, and
like talking about sheep a little bit to much
5. Famous/Infamous - has been featured in a slew of news articles, Time
Magazine, mail threads, and if you are extremely lucky a feature on
America's Most Wanted.
6. Stiff - 3 piece suit/tie wearers (on occassion Yes, but otherwise avoid
these type of people, they like to act out American Psycho once in a while,
and use assorted cutlery to check the status of the user community) Favva
beans not included with this sort.
7. Insane/Eccentric - takes InfoSec very seriously, lives at work, always
right and can solve the knapsack problem in less than 2 minutes. Has the
missing Thinking Machine CM-2 in their basement.
Personalities - huge egos, highly eccentric, introverted, extrovert, or no
interpersonal skills whatsover.
Other gender:
Mix of the above, plus/minus other attributes, etc. Power trip games, has
their own webcam site, featuring themselves or controversial topics
Did I miss any of the stereo-types of InfoSec folks, drop me a line if you
like to add to the personal descriptions:.. But if you are serious about
forming a InfoSec department, one has to take into account the attributed
listed above and also make executive management is ready and committed to
let one form an InfoSec department versus just flapping their gums and
listing it as a TODO item versus being committed to actually forming one,
spending money on appropriate hardware/sofware, etc, etc.
(*.03)...
At 04:13 PM 2/27/01 -0600, N Cleaver wrote:
>I've been looking for some info. Haven't found what I need. Maybe you
>can help: Do you know of any good web sites where I could find
>information on structuring an Information Security department, including
>job descriptions? I'd appreciate any help you can offer.
>
>Many Thanks!
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
