The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA

BEST PRACTICES

Security architects help the business protect network systems and information assets. They consider not only the normal flow of the application but also the abnormal flows, failure modes and ways the systems and applications can be interrupted and fail.

CONNECT PEOPLE AND PROCESS

As you begin creating a security architecture plan that integrates business and technology with the people and processes of your organization, create a detailed graphic of how the two are linked to help you apply policies that will control devices and software and determine access to systems.

COMPLETE AN ASSESSMENT

A full assessment allows you to see where weaknesses lie. An assessment will let you know where all the devices and information on your network are located and what systems can be accessed by each individual. To manage and secure the data, your IT team must know:
• How your information is categorized (e.g., restricted, private or public — who can read and/or write the information)
• Who categorizes it (such as the writer or a manager)
• The level of risk that the information could be stolen

Documenting what is on the network and who can access it makes it easier for you to ensure you are securing everything as you scale the network.

Your network's ability to stand tall all depends on your security architecture.

WHAT IS SECURITY ARCHITECTURE?

Security architecture is a structured design that stresses the relationship among business objectives, employee tasks, Internet technology (IT) and cybersecurity. It helps defend the network from cybercriminals and maintains an organization's security policies without interfering in operations. Security architecture usually includes a documented process that specifies the security solutions to be provided in a seven-layered networking framework called the Open Systems Interconnection (OSI) model.
OSI addresses the following security concerns:
• Authentication substantiates the identity of a person
• Authorization grants or denies access to a network resource
• Audit shows who has accessed a system and what operations he or she has performed during a given period
• Availability ensures the network is always available without service interruption
• Asset Protection safeguards information from loss, unintended disclosure and unauthorized and unintended use
• Administration allows designated persons to add and change individuals, groups and security policies
• Risk Management continually manages risk

About the Author

Paul Stapleton is the Managing Principal for the Dell SecureWorks Security Design and Architecture (SDA) team. He has architected and implemented custom cybersecurity solutions for networks with more than 200,000 users. Paul has designed, built and managed professional security consulting from the ground up and managed security businesses for a number of information technology companies. Contact him at pstapleton@secureworks.com.

Starting on Network Security Architecture

No matter how many protective devices and security experts your law firm has, if your network exists on a weak foundation, it is bound to fall when attacked.