Network security is an integral part of the system life cycle, as illustrated in Figure 10-3.
Figure 10-3 Network Security in the System Life Cycle
Network security is a continuous process, built around a security policy. Business needs (organizational requirements) and risk analysis are inputs to the development of a security policy. Regardless of the security implications, business needs must come first; if the business cannot function because of security constraints, the organization will have a major problem.
The following are the key areas to consider when designing a secure network:
■ Business needs: What the organization wants to do with the network
■ Risk analysis: The risk-versus-cost balance
■ Security policy: The policies, standards, and guidelines that address business needs and risk
■ Industry-recommended practices: The reliable, well-understood, and recommended security practices in the industry
■ Security operations: The process for incident response, monitoring, maintenance, and compliance auditing of the system
Was this article helpful?