2.3 Design process

The MASS methodology that we follow in this book includes the following steps of the design process:

1. Model business process.

2. Establish security design objectives.

3. Select and enumerate subsystems.

4. Document conceptual security architecture.

We now walk through these steps.

2.3.1 Security compliance management business process

Figure 2-6 illustrates the security compliance management business process, which is described in detail in the redbook Deployment Guide Series: IBM Tivoli Security Compliance Manager, SG24-6450.

[Figure: process diagram. Labels: System administration, Servers, Security Audit Team, Security Policy, Authority, Management. Numbered steps: 1. Apply security policy; 2. Check control settings and compare to Security Policy; 3. Document health check and deviations; 4. Report deviations; 5. Correct settings; 6. Report compliance status; 7. Request exceptions; 8. Ask for risk acceptance; 9. Document accepted deviations.]

Figure 2-6 Generic security compliance management business process

The security compliance management business process consists of these general steps:

1. Apply security policy.

The first step in setting up a health check process is to make sure that the required security control settings of the enterprise security policy are audited.

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
