Infra? Purchasing? stupidly can not tell

I've been too busy with work recently, and I haven't been to Matt City to post. First let me tell you that I haven't seen you for a long time XDD

First of all, let me help you google what the Infra Team in the information department does.

Infra Team = Infrastructure Team:

The main responsibility is to protect the security of company information, including network, system, and data. In theory, they have the least contact with the outside world (of course, they will occasionally tell you about information security policies). They also prevent other IT teams from abusing their powers. For example, the Infra Team can set some permission controls in the database to prevent people from the Support Team from changing the database (common in money-related information systems), and also do it on the Internet. In order to monitor, to avoid the outflow of sensitive company data (customer data). Another common example of network control is the MSN that the company loves and hates. Even if the PC Team person fills the MSN, as long as the Infra Team closes the corresponding network channel (called Port in IT terminology), it will be more difficult. The hard-working MSN has also become rubbish.

To put it simply, it is to control and plan the relevant equipment for storing company information to comply with information security regulations and ensure that company information does not leak out.

And our company's Infra really opened my eyes. When the database moved, it was over just by moving the data to a new location. The account secret was not restored, and the permissions were not set. We let us do everything ourselves, even the notification. The units did not do well in this matter, and the units that faced the user had to take on the artillery fire instead of them.

Some units responded that it was too late to rewrite the connection information in the program, so they extrapolated the problem and said that the time was not set by them, but also by our unit. I didn’t know that our authority was so large, so why don’t you just follow us? It is said that it does not meet the audit and information security standards.

And what equipment is in the unit, how to plan, and the information security of each equipment are not determined first, only the equipment is purchased, installed and ready for use, and then used by our unit, and then the information security weakness analysis As a result, there is a loophole in the lack of equipment security, and we are asked to move the contents of the equipment.

In the past six months, our unit has changed the server IP a few times, and the platform has moved several times. It is enough to play the moving game with them for more than half a year.

I really don't understand, buy the equipment, install it, and make sure it can run. Isn't that what the procurement is doing? But our unit calls it Infra, which sounds more advanced than it is.

What exactly should Infra be responsible for, I really don't understand? ?