Secure network management
You have encountered many different elements in this course, each of which is quite complex in itself.
Take a moment to think about how you would manage these defences on a day-to-day basis. What do you think the greatest challenges would be? These are the types of questions that fall into the category of network management.
In this article you are going to learn about managing and co-ordinating these different elements, which is the subject of network management. Network management comprises the systems, tools, and processes needed to provision, operate, administer, and maintain networks. Good network governance is important for the organisation to maintain its security posture. Poor governance could lead to a misconfigured firewall or incorrect filtering rules in a router, either of which could expose the organisation to significant risk.
The whole organisation depends on network integrity, so the network needs to be resilient and able to respond to different business continuity demands. As networks can be extremely complex and connect many data centres, buildings and sites, a network management centre should be established to monitor the network. This is usually a 24/7 operation and works in conjunction with a Security Operations Centre (SOC).
Security Operations Centre (SOC)
A Security Operations Centre (SOC) has three main roles regarding cyber threats: detection, protection, and prevention.
One of the greatest advantages of a SOC is 24/7 monitoring. It is not just always awake to detect and respond to individual breaches; it also fosters continuous improvement of security. A SOC is also involved in compliance management: it is guided by established best practice, but it must also comply with relevant regulations such as GDPR and with standards such as the ISO/IEC 27000 series.
These standards should be followed when developing the governance structure and its associated processes and procedures. Recommendations in the ISO/IEC 27000 series, as well as ITIL and ISO 9001, should inform policy and guide network management and SOC activity.
The governance structure provides a reporting line to senior management that communicates how effective the controls are in supporting policy, so that, if necessary, controls can be changed to reflect new realities. Once again this is a good example of continuous feedback helping to refine and reinforce the current defences.
To summarise its role, the SOC will:
- Monitor the status of the network, looking for outages and problems.
- Observe configuration changes which could indicate an attacker trying to reconfigure network devices.
- Maintain a baseline of configurations installed on network devices.
- Hold documentation on the network architecture and topology, including configuration information.
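The second and third points in the list above, spotting configuration changes and keeping a baseline to compare against, are the kind of check a SOC can automate. The example below is an added illustration, not code from the course or any vendor: it fingerprints a stored baseline, diffs it against a later running configuration, and flags the additions a SOC analyst would want to see first. Both configurations are constructed, Cisco-IOS-style samples, and the list of high-severity patterns is an assumption made for the example rather than a published standard.

```python
"""Detect drift between a network device's baseline configuration and its
current running configuration, flagging changes that weaken security.

Added example with constructed sample configs; not real device output.
"""
import hashlib
import re

# Constructed baseline captured when the device was commissioned.
BASELINE = """\
hostname edge-fw-01
logging host 10.0.0.5
service password-encryption
ip access-list extended OUTSIDE-IN
 permit tcp any host 10.1.1.10 eq 443
 deny ip any any
line vty 0 4
 transport input ssh
"""

# Constructed running config pulled later from the same device. It contains
# the sort of edits an attacker with device access might make.
RUNNING = """\
hostname edge-fw-01
no logging host 10.0.0.5
service password-encryption
ip access-list extended OUTSIDE-IN
 permit tcp any host 10.1.1.10 eq 443
 permit ip any any
 deny ip any any
line vty 0 4
 transport input telnet ssh
username backdoor privilege 15 secret 5 $1$abcd$efghijklmnopqrstuvwxyz1
"""

# Assumed high-severity patterns for this example (not a vendor list).
HIGH_SEVERITY = [
    (re.compile(r"^\s*permit ip any any\b"), "wide-open permit rule added"),
    (re.compile(r"^\s*no logging"), "logging disabled"),
    (re.compile(r"^\s*username \S+ privilege 15"), "privileged local account added"),
    (re.compile(r"^\s*transport input .*\btelnet\b"), "telnet enabled on management lines"),
]


def normalise(config: str) -> list[str]:
    """Drop blank lines and trailing whitespace so cosmetic differences
    between two exports of the same config do not register as drift."""
    return [line.rstrip() for line in config.splitlines() if line.strip()]


def fingerprint(config: str) -> str:
    """SHA-256 of the normalised config. Storing this alongside the baseline
    lets a scheduled job detect any change before doing a full diff."""
    return hashlib.sha256("\n".join(normalise(config)).encode()).hexdigest()


def diff_configs(baseline: str, running: str) -> tuple[list[str], list[str]]:
    """Return (added, removed) lines as sorted lists."""
    base, run = set(normalise(baseline)), set(normalise(running))
    return sorted(run - base), sorted(base - run)


def classify(added: list[str], removed: list[str]) -> list[tuple[str, str, str]]:
    """Label each changed line as (severity, line, reason)."""
    findings = []
    for line in added:
        severity, reason = "info", "line added"
        for pattern, why in HIGH_SEVERITY:
            if pattern.search(line):
                severity, reason = "high", why
                break
        findings.append((severity, line.strip(), reason))
    for line in removed:
        findings.append(("medium", line.strip(), "line removed from baseline"))
    return findings


def check_drift(baseline: str, running: str) -> list[tuple[str, str, str]]:
    """Cheap fingerprint comparison first; full diff only when it differs."""
    if fingerprint(baseline) == fingerprint(running):
        return []
    added, removed = diff_configs(baseline, running)
    return classify(added, removed)


if __name__ == "__main__":
    for severity, line, reason in check_drift(BASELINE, RUNNING):
        print(f"[{severity.upper():6}] {line!r}: {reason}")
```

The diff is set-based, so it reports what was added or removed but not where. For access lists that is a real limitation, because a `permit ip any any` placed before the final `deny` behaves differently from one placed after it; a production check should use an ordered diff and treat any change in ACL rule order as a finding in its own right.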
As mentioned, the 24/7 service a SOC provides is not only an immediate defence in a live breach situation; it also helps your protection evolve and become stronger and more resilient over time. A useful way to understand this is to look at the Plan-Do-Check-Act model.
The Plan-Do-Check-Act model, shown in Figure 1, is a useful illustration of this iterative process, which is present in many of the areas you are studying in this CISMP course.
It is really an extension of the scientific method. It starts with 'Plan', where you define the goals and the actions needed to achieve them. 'Do' is the implementation of those actions. 'Check' is where you study the results and compare them with the goals set in the Plan phase. Then you move on to 'Act', where you adjust the process and redefine the goals to create a better starting point for the next cycle. At the end of this phase the organisation should have better procedures, processes and controls, so planning for the next cycle starts from an improved baseline.
Figure 1: The Deming cycle
Do you Plan-Do-Check-Act?
Do you use the 'Plan-Do-Check-Act' model or something similar at work or in any area of your life? Do you think it's useful?
Well done! You've now completed this course on Networks and Communications.