Network Security Design

InformIT has a fantastic article on how to develop network security strategies that is an excerpt chapter from Cisco Press' Top-Down Network Design, 3rd Edition. The article teaches a top-down approach focused on planning and policy development that will help organizations make security product/service decisions.

The article recommends a structured strategy so that you're best able to meet your security goals. Making ad hoc decisions and purchases will often lead to gaps in your network security, which is not something you want!

1. Identify network assets.
2. Analyze security risks.
3. Analyze security requirements and tradeoffs.
4. Develop a security plan.
5. Define a security policy.
6. Develop procedures for applying security policies.
7. Develop a technical implementation strategy.
8. Achieve buy-in from users, managers, and technical staff.
9. Train users, managers, and technical staff.
10. Implement the technical strategy and security procedures.
11. Test the security and update it if any problems are found.
12. Maintain security.

The sample chapter is quite thorough, so give it a good read. I think that the section on the components of a security policy is worth repeating here: access policy, accountability policy, authentication policy, privacy policy, computer-technology purchasing guidelines. Sounds like a lot, but this systematic approach should help you get everything in order!