Network Security Assessment Workplan Appendix B3

1
Network SecurityAssessment WorkplanAppendix B-3

• Presented by
• SHALEND SAMI

CS654 Security Management
2
Agenda

• Network Security Assessment in ISA Model.
• Key Areas in Evaluating Network.
• Physical and Logical Configuration.
• Definition
• Network Security Assessment Workplan.
• Appendix B-3 Nine Sections.
• Security Manager Utilization.
• Summary.
• Questions.

3
ISA Model
Network is the outside layer to the operating
environment.
Network Security Assessment Plan.
Reference Killmeyer, J. (2006). Information
Security Architecture. Boca Raton, New York
Auerbach Publications.
4
Evaluating Network
Four key areas to consider when evaluating
network security assessment

• Remote Access.
• Intranets.
• Extranets.
• Internet.

http//www.giritech.com/se/media/images/systems_di
agrams/traditional_remote_access_solution_diagram
Reference Killmeyer, J. (2006). Information
Security Architecture. Boca Raton, New York
Auerbach Publications.
5
Physical Logical
The four key areas of connectivity types
mentioned in last slide uses these variety of
physical and logical configurations

• Local Area Networks. LANs
• Metropolitan Area Networks. MANs
• Wide Area Networks. WANs
• Gateways separating the corporate WAN and/or
  
• lines of business.
• Internet Gateways.
• Virtual Private Networks.VPNs
• Value-Added Networks. VANs

Reference Killmeyer, J. (2006). Information
Security Architecture. Boca Raton, New York
Auerbach Publications.
6
Network Security Assessment Workplan
Why need Network Security Assessment Workplan?
Workplan assists in evaluating and performing
essential steps to clearly understand the
security position of the networking environment.
Reference Killmeyer, J. (2006). Information
Security Architecture. Boca Raton, New York
Auerbach Publications.
7
Appendix B-3
Shows the nine important areas, to gather
additional detail information using the network
security assessment workplan model/template

• Network Operating Environment
• Network Management
• Network Access Control
• Third-Party Service Providers
• Remote Access
• Hardware/Software/Circuits
• Backup and Recovery
• External Access
• Internet

Reference Killmeyer, J. (2006). Information
Security Architecture. Boca Raton, New York
Auerbach Publications.
8
UtilizationSecurity Manager
In reviewing network assessment, security
managers expectation would be necessary to obtain
an understanding of the

• Network Architecture.
• Network Management.
• Network Security Administration.
• New Technology Assessment and Deployment.
• Outage and Threat Response Capabilities.

This should be accomplished with the intent to
gain sufficient understanding of the

• Network and business environment to identify
  technical
• and business risks.
• To evaluate the controls implemented for each of
  the
• connectivity types.

Reference Killmeyer, J. (2006). Information
Security Architecture. Boca Raton, New York
Auerbach Publications.
9
Summary

• Network Security Assessment Workplan is part of
  Security
• Baseline/Assessment, which is a component of
  ISA model.
• Four key areas to consider when evaluating
  network security
• assessment. remote access, intranet,
  extranet, and internet
• Physical and Logical Configuration in four areas
  of the
• connectivity. LANs, MANs, WANs, VPNs, VANs,
  and Gateways
• Network Security Assessment Workplan Template.
  Appendix B-3
• Areas of Security Manager Utilization.

10
Questions