SECURITY ENGINEERING & ARCHITECTURE 

Netneering

At Netneering we can design the processes, concepts, infrastructure, and policies & standards across multiple layers of the organization, including the network, application, system, and physical layers, in an effort to promote the confidentiality, integrity, and availability of company data and systems.

Our design methodology takes into account the business mission and the compliance requirements your organization may be subject to.

  • Understanding security needs across the entire organization.
  • Determining whether a centralized or decentralized approach works best for a given implementation.
  • Understanding well-known models that can be used during design.
  • Understanding the various frameworks used to provide a thorough implementation of security principles, policies, controls, and safeguards.
  • An appreciation of streamlining and automating certain business processes for increased visibility and consistency.

Key Attributes:

Work Streams
Description

Strategies, Principles, and Policies
A clearly defined set of technology-independent overarching policies, principles, and strategies developed from the business strategy.
Business Alignment
Taking the steps to determine how best to align certain business processes with IT security principles.
Security Controls
Determining the right set of security controls needed for your organization.
Technical Framework
There are a number of technical frameworks which may be used in tandem to support security architecture.
Compliance
Measures taken to align the business with regulatory or legal requirements.
Assurance
Determining how controls can be periodically audited and ensuring that audits are repeatable.
Metrics
Producing analytical data to gauge progress or degradation of desired performance indicators.


Purpose: Improve or pioneer security architecture and engineering required for robustness, scalability, and economies of scale.


Design

Layers
Description

Application
This layer deals with actual applications as they are deployed on systems. One application may require a number of key components and/or systems for functionality.
Network
This layer represents the backbone by which devices communicate with one another. It defines the segmentation zones and monitoring requirements. It also enforces the authentication, authorization, and accounting required to control access throughout the network.
System
This layer represents workstations, servers, and appliances which have an operating system. Design of such devices involves topics such as program execution, access to input/output devices, controlled access to files and data, system access for maintenance, and accounting and tracking.
Physical
This layer represents physical access to both restricted and non-restricted areas. This might involve security cameras, badge readers, elevator access, datacenter access, and, more generally, all points of entry.