3 design process, 1 security compliance management business process, Security compliance management business process – IBM Tivoli and Cisco User Manual


Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

2.3 Design process

The MASS methodology that we follow in this book includes the following steps of
the design process:

1. Model business process.
2. Establish security design objectives.
3. Select and enumerate subsystems.
4. Document conceptual security architecture.

We now walk through these steps.

2.3.1 Security compliance management business process

Figure 2-6 illustrates the security compliance management business process, which is described in detail in the redbook Deployment Guide Series: IBM Tivoli Security Compliance Manager, SG24-6450.

Figure 2-6 Generic security compliance management business process

The security compliance management business process consists of these
general steps:

1. Apply security policy.

The first step in setting up a health check process is to make sure that the
required security control settings of the enterprise security policy are audited.

[Figure 2-6 labels. Roles: Security Audit Team, System administration, Authority, Management. Steps: 1. Apply security policy; 2. Check control settings and compare to Security Policy; 3. Document health check and deviations; 4. Report deviations; 5. Correct settings; 6. Report compliance status; 7. Request exceptions; 8. Ask for risk acceptance; 9. Document accepted deviations. Objects: Security Policy, Servers.]
