Security Administrator
- Security Administrator
- the role that is played when a person
administers the security countermeasures of one or more
systems,
applications,
components, or
centers
As illustrated in the preceding figure, Security Administrator is part of the following inheritance hierarchy:
The typical role-specific responsibilities of a Security Administrator are to:
- Administer and maintain the security mechanisms and
components in the production environments.
- Monitor, analyze, and respond to security events.
- Analyse and implement security change requests.
- Administer security policies.
- Support prosecution of security violations.
Security administrators typically inherit all of the
general role responsibilities from the
role process component.
To fulfill these responsibilities, security administrators
typically should have the following personal characteristics,
expertise, training, and experience:
Security administrators typically should have the following
personal characteristics:
- Highly Trustworthy
- Detail Oriented
- TBD
Security administrators typically should have the following
expertise:
- Expert knowledge of security engineering tasks,
techniques, and tools.
- Expert knowledge of security mechanisms:
- Digital Signatures
- Encryption/Decryption
- Passwords
- User Identifiers
- Expert knowledge of security components
- Expert knowledge of commercially available
security tools
- Expert knowledge of the security aspects of:
- Application Frameworks (e.g., Microsoft COM+, Microsoft
.NET, OMG CORBA, and Sun J2EE)
- Application Infrastructure Components (e.g., BEA
WebLogic, IBM MQSeries, IBM WebSphere, iPlanet Directory,
MS Active Directory, MS BizTalk Server, MS Exchange, MS
IIS, MS Integration Server, MS MQ, SAP R/3, and Vitria
BusinessWare)
- Databases (e.g., IBM DB2, Oracle)
- Directories (e.g., iPlanet Directory Server, MS Active
Directory)
- Operating Systems (e.g., Cisco IOS, Linux, IBM AIX, IBM
AS/400, MacOS, Microsoft Windows, Sun Solaris, Unix)
- Servers (e.g., application, database, media/content,
messaging, and web servers)
- Programming Languages
- Security APIs and Protocols (e.g., DCE Security
Service, GSS-API, Kerberos, Microsoft CryptoAPI, PAM, PKCS
API's, SAML, S/MIME, and SSL/TLS)
- Solid knowledge of applications, contact centers, and
data centers.
- Basic knowledge of the customer’s business and
application domain(s).
Security administrators typically should have the following
training:
- A bachelor’s degree or better in software or
systems engineering, computer science, or the
equivalent.
- Practical hands-on training in:
- Security engineering tasks, techniques, and tools.
- Security mechanisms
- Commercial-off-the-shelf (COTS) security systems
- One of the following security certifications:
Security administrators typically should have the following
experience:
- A minimum of 1 year’s experience successfully
TBD.
Security administrators typically perform the following
role-specific tasks in an iterative,
incremental, parallel, and time-boxed manner:
Security administrators typically inherit all of the
common role tasks from the
role process component.
Security administrators typically perform these tasks as
members of the following teams:
As members of these teams, security administrators typically
produce all or part of the following work products:
The following guidelines have proven useful with regards to
requirements engineers:
- Security administrators should work closely with security
architects and security engineers.
- On small projects, the same person may play the security
administrator and security engineer roles.
- This role typically inherits all of the
common role guidelines from the
roles process component.
