2.security business and technical requirement
DESCRIPTION
SNA contentTRANSCRIPT
![Page 1: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/1.jpg)
What famous North American landmark is constantly moving backward?
![Page 2: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/2.jpg)
How To develop and Implement Project ?
Analysis Design Coding Testing
Implement
![Page 3: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/3.jpg)
So when we want to implement security than what should we consider ?
![Page 4: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/4.jpg)
Requirement gathering Making decision Applying Decision Design
Business RequirementTechnical Requirement
Forest Domain OU Active Directory
![Page 5: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/5.jpg)
Security Business Requirement
When designing a security for your network, you must ensure that you gathered and understand business requirement
You must analyze the following business factors when you design your organizations windows 2000 security
![Page 6: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/6.jpg)
Security business requirement
Business model, Business process Projected Growth, Management
Strategy Current security policy,Tolerance of risk The laws and regulations that affect
the organization The organizations financial status The employees’
![Page 7: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/7.jpg)
The Business Model
Organizations with branches around the world may have different requirements of security than company have a single office
You have to know centralized decision process, will generally centralized security plan
![Page 8: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/8.jpg)
The business Process You need to know how business process
flow E.g. :
Manager Developer Operator
All of above having different rights , so we have to know it and accordingly we should plane security policies for them
![Page 9: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/9.jpg)
The Projected Growth
Your security plane should be dynamic Don’t deploy a security with short life
span Be aware about relationship of
organization and partners of organizations
Plane you deploy must be extensible to handle growth over next few years
![Page 10: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/10.jpg)
The Management Strategy Dose organization use centralized or
decentralized management strategy ? Always ask who manages resources In some case management strategy will
be mix of centralized and decentralized Eg : IT Industry
Main Administrator (Main Branch) Local Administrator (Local Branch)
![Page 11: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/11.jpg)
The Current Security policy
Many organization will have a predefined security policy
Some organizations restricts to use some protocols within corporate network because of threats
![Page 12: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/12.jpg)
The tolerance of risk
Organization can differ on what they consider risky
Some organization can consider password less then 10 character is risky , other can consider 6 character to be sufficient
![Page 13: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/13.jpg)
Laws and regulation that affect organization
Every organization abide by the laws and regulation of the jurisdiction where it perform business.
Know laws and regulation that affect that organization.
Eg: if you want to apply Strong Encryption than some countries like US will not allow you to sent data which is strongly encrypted
![Page 14: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/14.jpg)
Cont…
Some country requires management to take place within that country
This rules are known as export rules
More information is available at www.microsoft.com (search for Exporting Microsoft product)
![Page 15: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/15.jpg)
The organizations Financial status
You must have to determine project cost
Try to find out alternate solution that meet business requirement
![Page 16: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/16.jpg)
The Employees’ skills
Security solutions might involves new technology that an organization's employees don’t have expertise in
You must identifies these shortfalls
![Page 17: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/17.jpg)
Making the decision Applying the decision
![Page 18: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/18.jpg)
Design Security to Meet Technical Requirement
Identify technical requirement that will affect your security design
Technical requirement that can affect your security plans are …
![Page 19: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/19.jpg)
Total size and distribution of resources
Performance consideration Wide area Network links Wide area network usage How data is accessed Administrative structure Current application base
![Page 20: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/20.jpg)
Total size and distribution of Resources
Total number of computers and users
This distribution helps you to define active directory sites, domains , OU’s based on organization
![Page 21: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/21.jpg)
Performance Consideration
implementing encryption in network can increase cost
Organization must define what is acceptable performance for common task
E.g query takes 2 second to return 100 result , so protect query and result by considering performance level
![Page 22: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/22.jpg)
Wide Area Network Links Your security plan must evaluate how remote
offices are connected to corporate office You must identify which technology connect
multiple offices and which protocols as well….
Your security plan must determine what level of encryption require in WAN
You must determine any third party product used in between like Cisco routers ?
![Page 23: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/23.jpg)
Wide area network usages
One office connected by 512 Kbps link and another is by 128 Kbps
Don’t fall in traps by available bandwidth
Always b4 implementing security calculate usage of bandwidth
![Page 24: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/24.jpg)
How data is accessed
Your network security plan must identify how data is accessed
Which include which application , protocol , users or computers accessed data
By identifying these components you can implement security
![Page 25: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/25.jpg)
Administrative Structure
Identify who runs network and where administration takes place
It will also help you to design administration strategy for managing object in AD
![Page 26: 2.Security Business and Technical Requirement](https://reader034.vdocuments.net/reader034/viewer/2022051402/5695d3b21a28ab9b029ed954/html5/thumbnails/26.jpg)
Current Application base
Windows 2000 introduces a stronger base security for computers
It isn’t always compatible with older version of application
If you identify any application in network then plan updating of that application before migration takes place.