Skip to main content

Challenges of Securing an Enterprise and Meeting Regulatory Mandates

01 November 2006

New Image

Security incidents continue to rise globally - up 22% in 2005. Enterprises and service providers alike are faced with the challenge of ensuring a rigorous approach to network security throughout the entire lifecycle of their security programs. Many critical security requirements are currently addressed as an afterthought in a reaction to the security incidents. This results in piecemeal security fixes, which do not provide a comprehensive and cost effective security solution. Network security should be designed around a strong security framework, the available tools, standardized protocols, and where available, easily configured software and hardware. Naturally, in a multi-vendor environment, mo end-to-end security solution can be achieved without standards. The ISO 18028 standard, which is broken into five sub-levels, provides guidance on the security aspects of the management, operation and use of IT networks. 18028-2 defines a standard security architecture, which describes a consistent framework to support the pkanning, design and implementation of network security for the IT industry. The Bell Labs Security model is the basis for the ISO- 18028-2 standard. In this paper, we discuss how the standard can be applied as a framework for network security assessment by presenting threat analysis of an example network. We also discuss the applicability of the framework for implementing the technical controls for regulatory compliance initiatives. ISO 18028-2 provides a common and rigorous methodology for defining a robust security program of next generation networks.