Foreigners just love to turn things into a wheel: everything is a cycle that goes round and starts again.

Network security is a continuous process built around the corporate security policy. The security wheel depicted in Figure 1-6 shows a recursive, ongoing process of striving toward perfection—to achieve a secured network infrastructure. The paradigm incorporates the following five steps:

Network security is a continuous process built up around the company's security policy. The five steps:

Step 1. Develop a security policy
A strong security policy should be clearly defined, implemented, and documented, yet simple
enough that users can easily conduct business within its parameters.

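1. Develop a security policy

The security policy should be clear, easy to carry out, and documented, and users should be able to apply it simply to their business goals.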

Step 2. Make the network secure
Secure the network by implementing security solutions (implement authentication, encryption,
firewalls, intrusion prevention, and other techniques) to stop or prevent unauthorized access or
activities and to protect information and information systems.

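2. Secure the network

Protect the network with technical solutions such as authentication, encryption, firewalls, and intrusion prevention.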

Step 3. Monitor and respond.
This phase detects violations to the security policy. It involves system auditing and real-time
intrusion detection and prevention solutions. This also validates the security implementation in Step 2.

Step 4. Test.
This step validates the effectiveness of the security policy through system auditing and vulnerability
scanning and tests existing security safeguards.

Step 5. Manage and improve.
Use information from the monitor and test phases to make improvements to the security
implementation. Adjust the corporate security policy as security vulnerabilities and risks are
identified. Manage and improve corporate security policy.