How to use the SAFE Blueprint

The SAFE Blueprint is modular. Businesses might deploy one module for the network perimeter, another for a wireless LAN (WLAN), and yet another for virtual private networks (VPNs). The advantages are that SAFE addresses the key modules and the security relationships among various modules. Designers can also evaluate and implement security module-by-module instead of attempting to tackle the complete blueprint all at once.

Follow these guidelines to take optimum advantage of the SAFE Blueprint

SAFE can be applied in any network size from Enterprise to SMB

NETWORK SECURITY INVESTMENT - THE EXECUTIVE ROI BRIEFCASE

Obtain cross-company buy-in for your security solution Involve both business and technical decision-makers . Input from both is required to create an effective solution. In larger businesses, include individuals from both security operations and network operations. Ensure security is a high priority for your business - Make all decision-makers aware of how security - or the lack of it - will affect business applications they care about. Gain the support of business decision-makers, including those in human resources and legal for countermeasures . Make sure business decision-makers understand security must be multi-tiered and is an ongoing process. No product or suite of products by itself guarantees security, so best practices are essential. Set decision-makers' expectations regarding security expenditures and attainable levels of security. Identify system vulnerabilities Conduct a Security Posture Assessment (SPA), which is a comprehensive baseline test of network vulnerability. An SPA looks at the network as an attacker would, identifying live hosts on the network and services offered, then attempting to exploit vulnerabilities in these systems, services, and applications. The result is a comprehensive report of all systems and vulnerabilities, including critical threat information and detailed security recommendations. SPA costs are based on the size and complexity of the network. Full and external-only assessments are available. Encourage policy creation Develop an enforceable "security policy" including security rules (network & physical), processes, acceptable behaviors and guidelines. It should be owned by a dedicated policy team and boosted by the commitment of senior management. Security policies and processes may include, but are not limited to: Internet usage policy Password protection mechanisms Personal asset usage policies Encryption and anti-virus processes Remote Access policy Firewall rule set policies Router and server policy Wireless communication policy Extranet connectivity policy Forensics and prosecution policies Disaster recovery policies For businesses not familiar with or not experienced in establishing corporate-wide security policies, specialized service organizations can provide the necessary assistance to meet business objectives. Use the SAFE Blueprint to plan After laying the groundwork for a successful security implementation (steps 1-3), use the SAFE Blueprint to plan network security. SAFE Blueprint white papers (click on More SAFE resources on the right navigation bar) are available for the enterprise, small and midsize businesses, VPN, wireless and IP Communications. Testing and monitoring Create and implement the security plan . Consider a phased security implementation, one module at a time, based on business needs, information systems usage patterns and budget. For example, an enterprise might first deploy the remote access and VPN module for intranet users, and then the extranet module for partner access. Cisco offers a range of solutions for each security requirement: security management, extended perimeter security, secure connectivity, intrusion protection and identity services. The solutions range from simple device management to complex policy management and are scaled to the size of business and environment to be protected. Testing and monitoring Security deployment is not a static, one-off event. Organizations must continually test and re-evaluate their security systems and processes to guard against attack. Metrics, woven into the security policy and agreed upon up-front, are critical for gauging whether security countermeasures are successful, and should be tracked.   SAFE Blueprint Case Studies Many organisations have benefited from the Cisco SAFE Blueprint approach to securing their network and business. » find out more

» Read more about SAFE and get the SAFE whitepapers for VPN, Wireless and IPT implementations. » Implementing the SAFE Strategy using Cisco Integrated Security Solutions