Chapter 8 – Developing Network Security Strategies.docx

13 Pages
Unlock Document

Information Technology Management
ITM 600
Robert Hudyma

CHAPTER 8DEVELOPING NETWORK SECURITY STRATEGIESNetwork Security DesignBreaking down the process of security design into the following steps will help you effectively plan and execute a security strategy1Identify network assets2Analyze security risks3Analyze security requirements and tradeoffs4Develop a security plan5Develop a security policy6Develop procedures for applying security policies7Develop a technical implementation strategy8Achieve buyin from users managers and technical staff9Train users managers and technical staff10Implement the technical strategy and security procedures11Test the security and update it if any problems are found12Maintain securityIdentifying Network AssetsIdentify network assets and the risks if those assets could be sabotaged or inappropriately accessedNetwork devices include network hosts computers OS applications data interworking devices switches and routers intellectual property trade secrets and company reputationAnalyzing Security RisksRisks can range from hostile intruders to employees downloading a virusoHostile intruders steal data change data and cause denial of service attacksAnalyzing Security Requirements and TradeoffsThe confidentiality of data so that only authorized users can view sensitive informationThe integrity of data so that only authorized users can change sensitive informationSystem and data availability so that users have uninterrupted access to important computing resourcesoThe cost of protecting yourself against a threat should be less than the cost of recovering if the threat were to strike youTradeoffs must be made between security gaols and goals for affordability usability performance and availability Security also affects network performance and it can reduce network redundancyDeveloping a Security PlanSecurity plan is a highlevel document that proposes what an organization is going to do to meet security requirementsoit will include the time people and other resources to will be needed to develop a security policy and achieve technical implementation of the policyA security plan should reference the network topology and include a list of network services that will be provides FTP web email and so onComplicated security strategies are hard to implement correctly without introducing unexpected security holes For a security plan to be useful it needs to have the support of all of employees within the organization Developing a Security PolicySecurity Policy is a formal statement of the rules by which people who are given access to an organizations technology and information assets must abideIts informs users managers and technical staff of their obligations for protecting technology and information assetsDeveloping a security policy is the job of senior management with the help from security and network administratorsA security policy is a living document because organizations constantly change security policies should be regularly updated to reflect new business directions and technological shifts Risks change over time also and affect the security policyComponents of a Security PolicyoAn access policy that defines access rights and privileges The access policy should provide guidelines for connecting external networks connecting devices to a network and adding new software to systems An access policy might also address how data is categorized for example confidential internal and top secretoAn accountability policy that defines the responsibilities of users operations staffand management The accountability policy should specify an audit capability and provide incidenthandling guidelines that specify what to do and whom to contact if a possible intrusion is detectedoAn authentication policy that establishes trust through an effective password policy and sets up guidelines for remotelocation authenticationoA privacy policy that defines reasonable expectations of privacy regarding the monitoring of electronic mail logging of keystrokes and access to users filesoComputertechnology purchasing guidelines that specify the requirements for acquiring configuring and auditing computer systems and networks for compliance with the policyDeveloping Security ProceduresSecurity procedures implement security policiesProcedures define configuration login audit and maintenance processesSecurity procedures should be written for end users network administrators and security administratorsSecurity procedures should talk abouthow to handle incidents ex Intrusion is detectedMaintaining SecuritySecurity must be maintained by scheduling periodic independent audits reading audit logs responding to incidents reading current literature and agency alertsperforming security testing training security administrators and updating the security plan and policySecurity wheel it illustrates that implementing monitoring testing and improving security is a neverending processSecurity MechanismsPhysical Security refer to limiting access to key network resources by keeping the Physical securityresources behind a locked door and protected from natural and human made disastersPhysical security can protect from misuses natural disasters terroristand biohazard events misuses of network equipmentPhysical security should be installed to protect core routers demarcation points cables moderns servers hosts backup storage and so on
More Less

Related notes for ITM 600

Log In


Don't have an account?

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.