My company has finnally decided to creat an infosec department. This group will be headed by a long-term co-worker who has 15+ years experience in networking infrastructure and security. This will be an all new experience for out company however, and a fresh start for a new trail in my career path.
Usually it's best to start things right, (don't give the puppy a chance to poop in the floor and you will not have to rub his nose in anything) so I was wondering, for all of you guys out there who have experienced a newly developed Infosec group, and considering hindsight:
1. What should be requested up front.
a. Test environments
b. Triple head display cards
c. Intrusion detection software
d. etc., etc.,
2. Should there be segregation from the rest of the IT dept.
3. What duties should coincide with the infosec dept.
4. First course of action such as planned projects and immediate tasks.
5. What responsibilities should fall within the group.

These are just the questions that I have on my mind at the moment.
_______________________________________________________
Since there are a lot of you guys out there that have witnessed an infosec dept. at birth, I was hoping that I could learn from your experiences.

Thanks Ahead of Time.