Information Technology Reference
In-Depth Information
Risk analysis is another part of the system life cycle. It explains the risks and their costs.
Business needs and risk assessment feed information into the security policy.
The security policy describes the organization's processes, procedures, guidelines, and
standards. Furthermore, industry and security best practices are leveraged to provide well-
known processes and procedures.
Finally, an organization's security operations team needs to have processes and proce-
dures defined. This information helps explain what needs to happen for incident response,
security monitoring, system maintenance, and managing compliance.
Ta ble 1 2 - 6 outlines key network security considerations.
Ta b l e 1 2 - 6
Key Network Security Elements of the Network Security Life Cycle
Key
To p i c
Security Consideration
Name
What are the business requirements?
Business needs
What is associated risk and cost?
Risk analysis
What policy governs the business requirements and risk?
Security policy
What are the recommend industry security best practices?
Best practices
What will the process be for incident, compliance, and change
management?
Security opera-
tions
Figure 12-5 shows the flow of the network security life cycle.
Business Needs
Risk Analysis
Security Policy
Guidelines, Processes, Standards
Security System
Best Practices
Security Operations
Incident Response, Monitoring, Compliance
Figure 12-5
Network Security: System Life Cycle
Security Policy Defined
RFC 2196 says, “A security policy is a formal statement of the rules by which people who
are given access to an organization's technology and information assets must abide.”
