A security program based on technology

Posted: 03 Nov 2003

Keywords: Design Corner, Networking, Embedded Systems

In today's digital economy, the high value of integrated software and hardware forms a vital part of the success of a business. Looking at this technology from a network perspective, software and hardware components enable a channel of communication through which an organization operates and integrates with other businesses: partners, suppliers, customers, managed service providers and others.

In turn, the organization seeks a spectrum of returns on its network technology investment: greater efficiency, reduced expenses and expanded global reach. This reliance by businesses on operating with a networked infrastructure introduces a dependency on technology. The net result is a need to manage the risk associated with technology. The solution is to deploy more technology to achieve the desired level of protection: network security products.

A comprehensive network security program comprises incident prevention, detection, response and management. Many vendors address these needs through a wide variety of network security solutions, but the challenge of choosing the right one falls to the organization. Budget considerations tend to be the most critical factor when implementing a security plan.

Most organizations have difficulty calculating the security costs associated with technology adoption, as there are many unseen costs compiled from peripheral factors.

Given the array of options one could employ when developing a secure network, an ideal place to begin is to develop a list of requirements. Reviewing business and product requirements can serve as a good baseline.

Business requirements

A review of business requirements when developing a secure network helps a company to clarify data. Keeping in mind that security expenditures should not exceed the value of what is being protected, an organization that has developed a classification taxonomy for its digital assets is better positioned than one that has not.

The classification model enables a company to prioritize security levels based on how critical the asset is. For example, a business could use a scale of 1 to 5 for asset classification, where 5 is the most critical classification and 1 is the least. When looking at level 5 assets, like corporate financials, the company would invest a greater amount in security, commensurate with the importance of level 5 assets: 24/7 security monitoring, separated network segment, strict firewall rules, host- and network-based intrusion detection, encrypted access control and the like.

When looking at level 1 assets, such as the internal Web page, the company might only require OS hardening, network intrusion detection and access logging.
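The 1-to-5 classification scale and the rule that spending should not exceed the value of what is protected can be expressed as a small inventory check. This is an added example, not part of the original article: the level 5 and level 1 baselines come from the text above, while the asset values, spend figures and the fallback rule for levels 2 to 4 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Control baselines taken from the article's two examples (level 5 and level 1).
BASELINES = {
    5: {"24/7 monitoring", "separated network segment", "strict firewall rules",
        "host-based intrusion detection", "network-based intrusion detection",
        "encrypted access control"},
    1: {"OS hardening", "network-based intrusion detection", "access logging"},
}

@dataclass
class Asset:
    name: str
    level: int                    # 1 (least critical) to 5 (most critical)
    value: float                  # estimated asset value (constructed figure)
    annual_security_spend: float  # constructed figure
    controls: set = field(default_factory=set)

def required_controls(level):
    """Assumption: levels 2-4 use the highest baseline defined at or below them."""
    if not 1 <= level <= 5:
        raise ValueError(f"classification level must be 1..5, got {level}")
    return BASELINES[max(lvl for lvl in BASELINES if lvl <= level)]

def review(asset):
    """Report missing baseline controls and whether spend exceeds asset value."""
    missing = sorted(required_controls(asset.level) - asset.controls)
    return {"asset": asset.name, "level": asset.level, "missing": missing,
            "overspent": asset.annual_security_spend > asset.value}

def prioritize(assets):
    """Order findings so the most critical assets with the most gaps come first."""
    reports = [review(a) for a in assets]
    return sorted(reports, key=lambda r: (-r["level"], -len(r["missing"])))

# Constructed sample inventory.
INVENTORY = [
    Asset("internal web page", 1, 5_000, 8_000,
          {"OS hardening", "network-based intrusion detection", "access logging"}),
    Asset("corporate financials", 5, 2_000_000, 150_000,
          {"24/7 monitoring", "strict firewall rules", "encrypted access control",
           "network-based intrusion detection"}),
]

if __name__ == "__main__":
    for report in prioritize(INVENTORY):
        print(report)
```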

Some questions designers should answer during the classification development process are: What are the company's digital assets? Who needs to access these assets? Where are the assets stored? Finally, ask how technology enables business with these assets. Is it through transport, access, storage or the presentation of the digital asset?

In addition to developing a digital-asset classification model, many companies use attack-simulation and penetration testing to identify their security needs. By simulating an attack, companies can evaluate their risk posture and measure their attack detection, prevention and response capabilities.

Penetration testing reveals existing vulnerabilities at a given point in time, while also exemplifying the outcome of potential threats. Businesses often use this type of assessment to help calculate the scope of security investment required to erase existing vulnerabilities and prevent future exposures.

The use of attack-simulation and penetration testing also helps companies to develop an attack tree, which identifies potential attack vectors. This modeling exercise lets the company identify the breadth of protection required. Organizations often have difficulty calculating the monetary impact of security incidents compared to other losses, which leaves a question mark on the security budget sheet. Vulnerability testing helps establish a realistic budget to address comprehensive security needs.

- Samir Kapuria

Director of Strategic Solutions

@stake Inc.




