Security Wheel
Network security is a continuous process built around the corporate security policy. The security wheel depicted
in Figure 1-6 shows a recursive, ongoing process of striving toward perfection—to achieve a secured network
infrastructure. The paradigm incorporates the following five steps:
Step 1. Develop a security policy
A strong security policy should be clearly defined, implemented, and documented, yet simple
enough that users can easily conduct business within its parameters.
Step 2. Make the network secure
Secure the network by implementing security solutions (implement authentication, encryption,
firewalls, intrusion prevention, and other techniques) to stop or prevent unauthorized access or
activities and to protect information and information systems.
Step 3. Monitor and respond.
This phase detects violations to the security policy. It involves system auditing and real-time
intrusion detection and prevention solutions. This also validates the security implementation in
Step 2.
Step 4. Test.
This step validates the effectiveness of the security policy through system auditing and vulnerability
scanning and tests existing security safeguards.
Step 5. Manage and improve.
Use information from the monitor and test phases to make improvements to the security
implementation. Adjust the corporate security policy as security vulnerabilities and risks are
identified. Manage and improve corporate security policy.
Figure 1-6. The Security Wheel
Lessons learned from Steps 2 through 5 should always be reflected back to the corporate security policy in
Step 1, so that the high-level security expectations are being met. This should be an ongoing process, a continuous
life cycle!
Summary
This chapter gave an overview of network security and discussed the challenges of managing a secured network
infrastructure. The chapter discussed how the security paradigm is changing and that security solutions today
are no longer product based. Instead, they are more solution oriented and designed with business objectives in
mind. The chapter also discussed the core principles of security—the CIA triad of confidentiality, integrity, and
availability—followed by brief discussion of aspects of security policies: standards, procedures, baselines,
guidelines, and various security models. The chapter takes a detailed look at the perimeter security issue and
the multilayered security approach. The chapter concludes with the Cisco security wheel paradigm involving five
cyclical steps.