Network Security Policy and Process

Network security is an integral part of the system life cycle, as illustrated in Figure 10-3.

Figure 10-3 Network Security in the System Life Cycle

Network security is a continuous process, built around a security policy. Business needs (organizational requirements) and risk analysis are inputs to the development of a security policy. Regardless of the security implications, business needs must come first; if the business cannot function because of security constraints, the organization will have a major problem.

The following are the key areas to consider when designing a secure network:

■ Business needs: What the organization wants to do with the network

■ Risk analysis: The risk-versus-cost balance

■ Security policy: The policies, standards, and guidelines that address business needs and risk

■ Industry-recommended practices: The reliable, well-understood, and recommended security practices in the industry

■ Security operations: The process for incident response, monitoring, maintenance, and compliance auditing of the system

Was this article helpful?

0 0

Post a comment