The 100-Day Plan: How a New Security Manager Succeeds
2010-05-19

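[TechTarget China original] Congratulations on becoming the new security manager. Maybe you lost a bet or drew the lot (and got stuck with the job). Or maybe you simply enjoy the thrill that this kind of challenge brings.

Either way, the honeymoon period is short, so do everything you can to make the first 100 days count. They will set the tone for your time in this position at the company, so do not waste time pondering what needs to be done and working out how exactly to do it. In general this means identifying and fixing some major flaws, changing the organization or its established procedures (for the better), and finally setting performance targets.

Remember that a change in the position never happens without a reason. Perhaps the previous security manager lost confidence in the team, or he or she did not do enough or did nothing at all. Most likely there are problems you need to deal with, and you and your team have to start solving them.

Basically, the first 100 days can be divided into four important areas: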

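  • Baseline
    It is essential to establish where security really stands in the company's affairs, because only then can things be assessed in order. It may be a penetration test, a scan, or a social engineering experiment; most likely all of the above. Remember that after roughly 100 days any problem will be blamed on the new security team, so every inherited problem has to be found as quickly as possible. There is nothing to gain from hiding the situation or glossing over it.
  • Remediate
    Once the baseline is set, you can start plugging the leaks. That means fixing the most obvious, easiest and cheapest problems as quickly as possible. Winning a few battles in the first 100 days is absolutely essential. These problems need not be the most visible or the most important, but by solving them you show management that you resolve problems successfully and on schedule.
  • Evangelize
    Another important task in the first 100 days is to lay out the implementation steps for the security program, which is the foundation of security operations. That means meeting with senior executives to find out what they want to protect and why. It is also useful to present the whole program to the power brokers; they will usually push for action on some aspects, which works to your advantage. Once credibility is established, it becomes much easier to seek support for the projects or processes needed to protect data. A large part of a security manager's success, however, lies in meeting with the company's executives. If they do not know who you are or what you are doing, you are doing it wrong.
  • Plan the next steps
    The last thing to do during the honeymoon period is to plan what to do for the rest of the year. Executives like to see the team's work plan. The basic security program provides a general framework, so the remaining task is to set some milestones and then start working to the plan.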


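Getting the first 100 days right is critical. It is the first (and possibly the last) opportunity to set the tone of praise or accountability with management. If it is handled well, management will treat security as a top priority, and that is what every security manager works toward.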

Congratulations, you are the new security manager. Maybe you lost a bet or drew the short straw. Or maybe you like the thrill of a big challenge.

Whatever the circumstances, the honeymoon period ends quickly, so it’s critical to make sure the first 100 days are optimally spent. This will set the tone of your working career in this organization, so it’s essential that no time is wasted in figuring out what needs to be done and implementing a plan detailing how to do it. That typically means identifying and fixing some of the biggest holes, making some organizational or process changes (for the better) and, ultimately, establishing a track record of meeting objectives.

Keep in mind that the regime change happened for a reason. Maybe the previous security manager lost the confidence of the team, or maybe he or she didn’t get enough done or didn’t let anything happen at all. Odds are there are issues that need to be dealt with, and it’s up to you and your team to start making progress.

Basically, the first 100 days can be broken down into four distinct areas of focus:

  • Baseline — It’s important to figure out how security really stands at the company, so some kind of assessment is in order. Maybe a pen test, maybe a scan, maybe a social engineering experiment; most likely all of the above. Keep in mind that after about 100 days, the blame for any problems will fall on the new security team, so all of the residual issues need to be found as soon as possible. There is no benefit to sugarcoating the situation.
  • Triage — Now that the baseline is established, the leaky buckets can be plugged. That means moving quickly to remediate the most obvious, easiest and cheapest issues. Finding a few quick wins is absolutely critical during the first 100 days. Those issues may not be the highest profile or even the most important, but by getting them fixed, it informs the organization’s senior management team that you get things done successfully and on schedule.
  • Evangelize — Another key task for the first 100 days is to set the stage for a structured security program that will underlie security operations. That means meetings with executives are in order to figure out what they want protected and why. It also makes sense to present the entirety of the program to the power brokers in the organization; they will likely push back on some aspects, and that’s fine. As credibility is built up, it’ll become easier to get support for the projects and processes that are important to protecting data. But a big part of finding success as a senior security manager is to get face time with the corporate executives. If they don’t know who you are and what you are doing, then you are doing it wrong.
  • Plan the next steps — The last thing to do during the honeymoon is to build a plan for the rest of the year. Senior managers like to see the team working on a plan. The underlying security program provides the structure, so the remaining task is to define some milestones and then start tracking progress against those milestones.

Starting off on the right foot for the first 100 days is critical. It is the first (and possibly the last) opportunity to set a tone of achievement and accountability with the senior team. If it’s done right, executives will consider security to be a key initiative for the organization, and that’s what every security manager strives for.

Editor: admin
