The implementation of a security policy typically involves four steps:
Step 1. | Develop the security policy. |
Step 2. | Implement the security products called for by the security policy. |
Step 3. | Inspect the policy periodically. |
Step 4. | Handle incidents as they occur. |
This process does not provide for the continual adaptation of the security policy to changes in the network environment. The Security Wheel concept treats network security as a continuous process that is built around the corporate security policy. This process is divided into four stages:
Securing the network.
Monitoring the network.
Testing the security of the network.
Improving the security of the network.
During the first phase of the Security Wheel, security solutions are implemented. This process involves deploying firewalls, VPN devices, intrusion detection systems (IDSs), and authentication systems and patching any systems that require a patch. These systems are deployed to stop or prevent unauthorized access or activities.
The second phase in the Security Wheel involves monitoring the network to detect violations of the security policy. Monitoring includes system auditing and real-time intrusion detection. This step is designed to validate the security implementation that is conducted in the first stage.
The testing phase of the Security Wheel involves validating the effectiveness of the security policy implementation. Validation is done through system auditing and vulnerability scanning.
In the fourth phase of the Security Wheel, the information gathered during the monitoring and testing phases is used to improve the security implementation of the network. At this phase, adjustments can be made to the security policy as vulnerabilities (both new and old) and risks are identified.
The fourth phase feeds back into the first and the process begins anew. Figure 5-1 illustrates the Security Wheel concept.