Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Frank Cassano

Assessing your Organization’s Network Perimeter (pt. 3)

Frank Cassano writes the column The Risk Rack
By posted in General July 24, 2008 6:00am
Pages: 1 2 3 4 5

The second level would be security which consists of processes to ensure that the security of the perimeter or the data is not compromised and that it is available when needed. The basic requirements of the 2 levels are as follows and the processes should address these areas at minimum.

Level 1:

  1. Performance monitoring: To ensure all systems are operating as expected.
  2. Hardware refresh schedule: To ensure that the hardware on the perimeter are maintained and replaced on a specific cycle.
  3. Patch schedule : To ensure that there are documented upgrade processes for application and system patches
  4. Application update processes: To ensure that updates to applications comply with the companies SDLC.
  5. Performance reporting: To ensure that management is informed of performance and to develop a history of the perimeter performance.
  6. Vendor management guidelines for each vendor used to support the network perimeter.

Level 2:

  1. Security monitoring: To ensure that there are no internal or external threats to the network perimeter.
  2. Security patch process: To ensure that security patches are applied in a controlled manner.
  3. Security reporting: To ensure that management is informed of security posture and incidents as well as to develop a history of the perimeter security.
  4. Incident response processes: To ensure that potential security incidents are identified effectively and that they are followed up on effectively.

The fourth category “Retirement processes” Consists of processes for removing an element from the perimeter. Very often this category is non existent and could lead to enormous security exposure even before the Internet old forgotten connections, servers or services were the favorite target of hackers. These processes must detail:

  1. The approval process for removing something from the network perimeter. The technical steps for removing something from the network perimeter
  2. The technical steps for updated any related devices that support the network perimeter (i.e. Firewalls, routers)
  3. Requirements for updating the performance monitoring due to the removal.
  4. Requirements for updating the security reporting due to the removal.

Some additional items to consider when performing your review of

Popularity: 1%

Pages: 1 2 3 4 5
Bookmark this post
Sphere: Related Content
Popularity: 1%
Print Print
Related Articles:
, , , , , , , Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*