What Is the SAFE Blueprint For?

Cisco's SAFE architecture is intended to be a security implementation blueprint for networks in an environment that includes threats outside and valuable components insidealways a dangerous combination. SAFE is really about protecting a network while maintaining its usability. This will always be a balancing act, and different organizations will find different points of balanceSAFE is intended for all nonhome networks, including nonprofit organizations and government agencies, and businesses of all sizes. Many will balance the two about equally, as shown in Figure 2.1.

Figure 2.1. Equal weight for ease of use and security.

graphics/02fig01.gif

For some, security is less important than ease of use or simplicity of maintenance. In these situations, the balance point shifts to reflect that, as in Figure 2.2. These organizations implement fewer of the technologies described in the SAFE blueprint, which makes it important to very carefully plan the placement of those technologies.

Figure 2.2. Heavier weight for ease of use than security.

graphics/02fig02.gif

For others, the risk of damage from a security breach is far higher, so the balance point shifts to reflect the greater weight that security must bear, as shown in Figure 2.3. These organizations employ more security technologies. Careful thought must go into the monitoring effort because useful information could easily be lost among the "noise" of abundant data.

Figure 2.3. Heavier weight for security than ease of use.

graphics/02fig03.gif

All three of these points of balanceand all points along the planeare equally valid. Which is best for an organization is a decision that already should be made before the SAFE blueprint is applied. That decision should be apparent in the wording of the organization's security policy.

No organization has an unlimited budget for anything, and the budget for security will be less than you would like. That means you need to be able to identify just what your information assets are, what you need to protect them from, and what tools you might have available to do that joband do it while keeping the network usable by the ordinary user . You wanted a challenge, right?

It is indeed a challenge to protect assets from those who shouldn't have access to them while ensuring that those who should, do. Let's start by looking at how to define the assets that you need to protect.



CSI Exam Cram 2 (Exam 642-541)
CCSP CSI Exam Cram 2 (Exam Cram 642-541)
ISBN: 0789730243
EAN: 2147483647
Year: 2002
Pages: 177
Authors: Annlee Hines

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net