Security System Development and Operations Overview

Now that you have a basic understanding of what a security policy is and the various ways to enforce these rules, this section puts them in the context of the overall security system development and operations. To begin, let's look at the process at a high level. Figure 2-1 shows an overview of the process and how the various steps interrelate with one another.

Figure 2-1. Security Life Cycle Overview


Business needs and risk analysis are the two principal feeders into the security policy. Your overall security policy is formed from three different types of documents:

• Policies: Essential elements of your security policy that generally are not technology specific and that have broader implications on the operation of the network

• Guidelines: Organization best practices

• Standards: The minimum set of operations criteria for a certain technology or asset


Although policies, guidelines, and standards are detailed later in this section, it is important to note that the umbrella term over all these documents is security policy and that individual documents within the overall policy share the name policy.

The overall security policy combines with industry best practices to create the actual security system. The security system, in turn, feeds into the security operations process, which comprises incident response, system monitoring and maintenance, and compliance checking. Finally, security operations feeds back into the security system and the initial policies to form a life cycle that keeps the security policies and system fresh over time.

The rest of this chapter explains this diagram in detail. First is a discussion of the principal drivers of security policy. Second is a discussion of how to develop a security policy that considers not only the principal drivers but also the technological underpinnings. Third is a discussion of how to translate the security policy into an effective, secure network design. Finally, security policy and system refinement through effective security operations are discussed.

Security System Development

Let's begin this discussion by examining the steps involved in developing a security system for an organization. There are three main steps in this process:

1. Examining security policy drivers

2. Developing a security policy

3. Designing the security system

The next several sections outline these steps and highlight the main decisions that need to be made at each point in the process.

Step 1: Examining Security Policy Drivers

The process begins by examining the two primary drivers of the security policy: business needs and risk analysis. Before any security policy can be created, business needs and risk must be analyzed to ensure the policy adequately addresses the needs of the organization. Without a firm grounding, a policy can often wind up solving a problem no one has or, worse, causing harm to the day-to-day functioning of the organization.

The next sections highlight how these two drivers can be understood in a manner that allows the security policy to accurately address the needs of the organization.
