Objective 6.3
Plan a Framework for Planning and Implementing Security
You must begin the security strategy for a data network long before you purchase or install any technology. Planning a security strategy for an enterprise network requires a framework of policies and procedures that dictate how your organization performs tasks such as the following:
■ Estimating security risks
■ Specifying security requirements
■ Selecting security features
■ Implementing security policies
■ Designing security deployments
■ Specifying security management policies
The creation of a security framework for a large organization requires input from people throughout the enterprise, not just IT personnel. The object of the security planning process is to answer questions such as the following:
■ What are your organization’s most valuable resources?
■ What are the potential threats to your organization’s resources?
■ Which resources are most at risk?
■ What are the consequences if specific resources are compromised?
■ What security features are available to the organization?
■ Which security features are best able to protect specific resources?
■ How secure is secure enough?
■ What is involved in implementing specific security features?
■ What maintenance do the security features require?
■ How will implementing specific security features affect users, administrators, and managers?
Creating a security framework is not a one-time project that ends when you have finished designing the initial security plan for your network. Security is an ongoing concern, and the responsibilities of the security design team are also ongoing. A security life cycle typically consists of three basic phases: