When you are planning, designing, or implementing a network or are assigned to operate and manage one, it is useful to ask yourself the following questions:
- What are you trying to protect or maintain?
- What are your business objectives?
- What do you need to accomplish these objectives?
- What technologies or solutions are required to support these objectives?
- Are your objectives compatible with your security infrastructure, operations, and tools?
- What risks are associated with inadequate security?
- What are the implications of not implementing security?
- Will you introduce new risks not covered by your current security solutions or policy?
- How do you reduce that risk?
- What is your tolerance for risk?