IBM Tivoli and Cisco Network Card User Manual


 
28 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
2.3 Design process
The MASS methodology that we follow in this book includes the following steps of
the design process:
1. Model business process.
2. Establish security design objectives.
3. Select and enumerate subsystems.
4. Document conceptual security architecture.
We now walk through these steps.
2.3.1 Security compliance management business process
Figure 2-6 illustrates the security compliance management business process,
which is described in detail in the redbook Deployment Guide Series: IBM Tivoli
Security Compliance Manager, SG24-6450.
Figure 2-6 Generic security compliance management business process
The security compliance management business process consists of these
general steps:
1. Apply security policy.
The first step in setting up a health check process is to make sure that the
required security control settings of the enterprise security policy are audited.
[Figure 2-6 labels. Roles and objects: Security Audit Team; System administration; Authority; Management; Security Policy; Servers. Steps: 1. Apply security policy; 2. Check control settings and compare to Security Policy; 3. Document health check and deviations; 4. Report deviations; 5. Correct settings; 6. Report compliance status; 7. Request exceptions; 8. Ask for risk acceptance; 9. Document accepted deviations.]