
Creating The Security Design Framework

A security design framework is a structure on which all future security designs can be built. As a security designer, you should create a base security design framework on which your security designs can be built, or you (or your design team) might end up with incomplete assessments, lack of follow-through, and an incomplete picture of the changing security landscape.

After this lesson, you will be able to:

Describe the components of a security design framework.

Describe the process for creating a security design framework.


Identify the principles of information security design.

Explain the purpose of threat modeling.

Perform threat modeling.

Design a process for responding to incidents.

Design the use of segmented networks.

Design a process for recovering services.

Estimated lesson time: 80 minutes

Components of a Security Design Framework

A security design framework is a collection of items or components that should be considered when creating any information security design. Parts of a security design framework typically include the following concepts, which will be defined more fully in later sections:

Prevention, detection, isolation, and recovery.

The principles of information security design. These are concepts that should be reviewed when examining any IT process. If they can be applied, a more secure process will result.

Threat modeling. If you understand how a network or one of its components might be attacked, you can develop a better defense.

Incident response. When an attack occurs, what should be done?

Segmented network design. Isolating parts of the network can contribute to security. Each design should question the need for segmentation and propose how to isolate sensitive data and the computers that store or manage it.

Recovery processes. An attack, or even an accident, can mean the destruction of data, computers, or network infrastructure. Planning for the recovery of data, computers, and network infrastructure can prevent the loss from becoming a disaster.

Life-cycle review. Every security design has a life cycle. Security design, policy procedure development, implementation of the security design, and management of the design and policies form the basis of a sound security framework. However, this is not a linear process. Each new product, process, and threat means reanalysis and possible revision. Security is not a job that is ever done.

Example: Using the Concepts of Prevention, Detection, Isolation, and Recovery

These considerations should be worked into the security framework and should also be a part of each security design. The framework serves as the list of items that should be considered in every design. This does not mean that every security design will have its own processes for all four, but that all four issues should be addressed in the security design.

If, for example, you are charged with ensuring that a new Human Resources system is deployed and maintained in a secure manner, policies and procedures might already be in place that cover the hardening of the operating system (a common approach to preventing successful attacks), detection of attack (via auditing and intrusion detection systems), and response to an incident, including isolation of the affected computers (by the appointed incident response team). Current backup and recovery plans might be sufficient to ensure that systems can be efficiently replaced and brought on line. Your security design might only need to address the uniqueness of the Human Resources software, the sensitivity of the data it contains, and provide an evaluation of its place in a business continuity recovery plan.

The Process: Creating a Security Design Framework

There are many ways to create a security design framework. Here is one process for creating a security design framework:

1. Use the components of a security design framework from the preceding topic as a starting point. This list includes the basic elements of the framework.

2. Question experienced designers to obtain additional items or more examples of how to apply these items.

3. Review security designs, and add the common elements you find in the designs to your framework.

4. After each successful design, look for and record any new items you feel should be reviewed when creating new designs.
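
An added example, not part of the original lesson: one way to use the framework as a review checklist, where each item is either handled by the design itself or covered by an existing policy (as in the Human Resources example), and items recorded under step 4 are flagged on designs reviewed before they existed. The record layout, policy names, and version numbers are assumptions made for illustration.

```python
# Added example. Component names come from the page; the record layout,
# policy names and version numbers are constructed assumptions.
FRAMEWORK = {1: [
    "prevention", "detection", "isolation", "recovery",
    "principles of information security design", "threat modeling",
    "incident response", "segmented network design",
    "recovery processes", "life-cycle review"]}

def items_upto(framework, version):
    """Framework items introduced in any version <= `version`."""
    return [i for v in sorted(framework) if v <= version for i in framework[v]]

def record_new_item(framework, item):
    """Process step 4: return a copy of the framework with `item` added as a new version."""
    return {**framework, max(framework) + 1: [item]}

def review(framework, design):
    """Return {item: finding} for each framework item the design leaves open.
    An item counts as addressed if the design handles it itself ("designed")
    or points at an existing organizational policy ("inherited" + policy name)."""
    known = set(items_upto(framework, design["reviewed_against"]))
    findings = {}
    for item in items_upto(framework, max(framework)):
        entry = design["coverage"].get(item)
        if entry is None:
            findings[item] = ("not addressed" if item in known
                              else "added to framework after last review")
        elif entry["how"] == "inherited" and not entry.get("policy"):
            findings[item] = "inherited, but no policy named"
    return findings

def inherited(policy):
    """Coverage entry for an item handled by an existing policy."""
    return {"how": "inherited", "policy": policy}

# Constructed record for the Human Resources system example on this page.
HR_DESIGN = {"reviewed_against": 1, "coverage": {
    "prevention": inherited("operating system hardening procedure"),
    "detection": inherited("auditing and intrusion detection procedure"),
    "isolation": inherited("incident response team procedure"),
    "recovery": inherited("backup and recovery plan"),
    "incident response": inherited("incident response team procedure"),
    "principles of information security design": inherited(""),
    "threat modeling": {"how": "designed"},
    "recovery processes": {"how": "designed"},
    "life-cycle review": {"how": "designed"},
}}  # "segmented network design" is deliberately left out

if __name__ == "__main__":
    for item, finding in review(FRAMEWORK, HR_DESIGN).items():
        print(f"{item}: {finding}")
```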

by: endeavor03