2. Security Business and Technical Requirement
What famous North American landmark is constantly moving backward?
How to develop and implement a project?
Analysis, Design, Coding, Testing, Implement
So when we want to implement security, what should we consider?
Requirement gathering, Making the decision, Applying the decision, Design
Business Requirement, Technical Requirement
Forest, Domain, OU, Active Directory
Security Business Requirement
When designing security for your network, you must ensure that you have gathered and understood the business requirements
You must analyze the following business factors when you design your organization's Windows 2000 security
Security business requirement
Business model
Business process
Projected growth
Management strategy
Current security policy
Tolerance of risk
The laws and regulations that affect the organization
The organization's financial status
The employees' skills
The Business Model
Organizations with branches around the world may have different security requirements than a company that has a single office
You have to know the decision process; a centralized decision process will generally mean a centralized security plan
The Business Process
You need to know how the business processes flow
E.g.: Manager, Developer, Operator
All of the above have different rights, so we have to know them and plan security policies for them accordingly
The Projected Growth
Your security plan should be dynamic
Don't deploy security with a short life span
Be aware of the relationship between the organization and its partners
The plan you deploy must be extensible to handle growth over the next few years
The Management Strategy
Does the organization use a centralized or decentralized management strategy?
Always ask who manages resources
In some cases the management strategy will be a mix of centralized and decentralized
E.g.: IT industry
Main Administrator (Main Branch), Local Administrator (Local Branch)
The Current Security policy
Many organizations will have a predefined security policy
Some organizations restrict the use of some protocols within the corporate network because of threats
The tolerance of risk
Organizations can differ on what they consider risky
Some organizations consider a password of fewer than 10 characters risky; others consider 6 characters to be sufficient
Laws and regulation that affect organization
Every organization must abide by the laws and regulations of the jurisdiction where it performs business.
Know the laws and regulations that affect the organization.
E.g.: if you want to apply strong encryption, some countries like the US will not allow you to send data which is strongly encrypted
Some countries require management to take place within that country
These rules are known as export rules
More information is available at www.microsoft.com (search for Exporting Microsoft product)
The organization's Financial status
You must determine the project cost
Try to find alternative solutions that meet the business requirements
The Employees' skills
Security solutions might involve new technology that an organization's employees don't have expertise in
You must identify these shortfalls
Making the decision, Applying the decision
Design Security to Meet Technical Requirements
Identify the technical requirements that will affect your security design
Technical requirements that can affect your security plans are:
Total size and distribution of resources
Performance consideration
Wide area network links
Wide area network usage
How data is accessed
Administrative structure
Current application base
Total size and distribution of Resources
Total number of computers and users
This distribution helps you to define Active Directory sites, domains, and OUs based on the organization
Performance Consideration
Implementing encryption in the network can increase cost
The organization must define what is acceptable performance for common tasks
E.g. a query takes 2 seconds to return 100 results, so protect the query and its results with that performance level in mind
Wide Area Network Links
Your security plan must evaluate how remote offices are connected to the corporate office
You must identify which technology connects multiple offices, and which protocols as well
Your security plan must determine what level of encryption is required on the WAN
You must determine whether any third-party products, like Cisco routers, are used in between
Wide area network usage
One office is connected by a 512 Kbps link and another by a 128 Kbps link
Don't be misled by the available bandwidth
Always calculate bandwidth usage before implementing security
How data is accessed
Your network security plan must identify how data is accessed
This includes which applications, protocols, users or computers access the data
By identifying these components you can implement security
Administrative Structure
Identify who runs the network and where administration takes place
It will also help you to design an administration strategy for managing objects in AD
Current Application base
Windows 2000 introduces a stronger base security for computers
It isn't always compatible with older versions of applications
If you identify any such application in the network, then plan the update of that application before migration takes place.