Cisco developed a process they call the Security Posture Assessment (SPA) to describe a company’s network security efforts as a living, evolving entity. The SPA is represented graphically in Figure 1-5. As the graphic shows, developing a network security program is an iterative process that must be continually managed to reduce the risk of loss, while efficiently using company resources.
You should assume this graphic and the process it represents can be part of all four security exams. As you learn about a new technology, make sure you know where that technology fits in the Security Wheel. For example, intrusion detection systems (IDS) would be a part of the monitoring process.
Even if a company had the capital resources and attempted to develop the “perfect” network security solution, it would still be only the beginning of an ongoing process. Like a perfect wave for a surfer or a perfect breeze for a sailor, the perfect security system is at best a moment in time, if not an illusion. The factors that led the company to put in the security system have been busily evolving and changing at the same time. The nearly constant changes in the technologies used in the network, in the types and sources of threats, and even in data flows within the organization continually introduce new risks that must be anticipated and mitigated. The wheel identifies the four stages of developing a secure system.
Secure: After carefully studying the security policy, it’s time to secure the network by implementing the processes and technologies required to protect the organization’s data and intellectual resources. These could include technologies like VPNs for telecommuters and branch locations, or the addition of firewall devices in the network.
Monitor: The security processes and technologies need to be monitored to make sure they provide the security expected. This could involve a variety of activities, ranging from scanning log files to using network management software to detect intrusions, failed attempts, and internal misuse of resources.
Test: The test stage can include testing new processes to make sure they meet expectations, testing established processes to see if internal or external changes might have made them less than secure, and periodic audits to see that all processes and policies are being implemented as designed and whether security problems are being dealt with properly.
Improve: The improve stage involves developing new plans to adjust the security program for changes in both the internal and the external environment. From implementing “staged” improvements that were built into the original plan to reacting to the latest security threat that could be stalking the network, improvements in both technology and processes are a must.
At the center of the wheel is the network security policy, sometimes referred to as the corporate or enterprise network security policy. This component, if properly implemented, is the blueprint for the four evolutionary processes of the wheel to follow. The next section looks at the security policy in greater detail.