9.4 Developing a Security and Privacy Plan

As discussed in Chapter 5, the development of each component architecture is based on our understanding of why that function is needed for that particular network. Although some may argue that security is always necessary, we still need to ensure that the security mechanisms we incorporate into the architecture are optimal in achieving the security goals for that network. Therefore, toward developing a security architecture, we should answer the following questions:

What are we trying to solve, add, or differentiate by adding security mechanisms to this network?
Are security mechanisms sufficient for this network?

Although some degree of security is necessary for any network, we should have information from the threat analysis to help us decide how much security is needed. As with the performance architecture, we want to avoid implementing (security) mechanisms just because they are interesting or new.

When security mechanisms are indicated, start simple and work toward a more complex security architecture when warranted. Simplicity may be achieved in the security architecture by implementing security mechanisms only in selected areas of the network (e.g., at the access or distribution [server] networks), by using only one or a few mechanisms, or by selecting only those mechanisms that are easy to implement, operate, and maintain.

In developing the security architecture, you should determine what problems your customer is trying to solve. This may be clearly stated in the problem definition or developed as part of the threat analysis, or you may need to probe further to answer this question. Some common areas that are addressed by the security architecture include:

Which resources need to be protected
What problems (threats) are we protecting against
The likelihood of each problem (threat)

This information becomes part of your security and privacy plan for the network. This plan should be reviewed and updated periodically to reflect the current state of security threats to the network. Some organizations review their security plans yearly, and others do so more frequently, depending on their requirements for security.

Note that there may be groups within a network that have different security needs. As a result, the security architecture may have different levels of security. This equates to the security perimeters or zones introduced in Chapter 8. How security zones are established is discussed later in this chapter.

Once you have determined which problems will be solved by each security mechanism, you should then determine whether these security mechanisms are sufficient for that network. Will they completely solve the customer's problems, or are they only a partial solution? If they are a partial solution, are there other mechanisms that are available or that will be available within your project time frame? You may plan to implement basic security mechanisms early in the project and upgrade or add to those mechanisms at various stages in the project.