Contents
Overview 1
Lesson: Analyzing Risks to Ongoing Network Operations 2
Lesson: Designing a Framework for Ongoing Network Operations 6

Appendix C: Designing an Operations Framework to Manage Security





Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio,
and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.



Appendix C: Designing an Operations Framework to Manage Security 1


Overview

In this appendix, you will learn how to manage ongoing security operations. A security
design is only as good as the operations that maintain it: to keep network operations secure,
you must manage the security design itself and design a change management framework that
keeps pace with changing security needs and conditions.

After completing this appendix, you will be able to:
• Analyze risks to ongoing network operations.
• Design a framework for ensuring secure network operations.



Lesson: Analyzing Risks to Ongoing Network Operations

Ongoing network operations are the everyday administration and management
of your network. The actions performed to maintain the network may conflict
with security policy or introduce vulnerabilities that your design did not
anticipate.
After completing this lesson, you will be able to:
• Explain the concept of ongoing management of network operations.
• Explain why securing network operations is important.
• List common vulnerabilities to network operations.




Management of Ongoing Network Operations

The Microsoft Operations Framework (MOF) is a comprehensive suite of
operational guidance materials that encompass people, processes, and
technologies. MOF provides a framework for effectively managing production
systems within information technology (IT) environments, including network
security.
For more information on MOF, see the white paper, Process Model for
Operations, under Additional Reading on the Web page on the Student
Materials CD.


Why Security of Network Operations Is Important

External attacker scenario
A software vendor releases a security update that fixes a recently discovered vulnerability.
Because the organization has no policy for managing the deployment of updates, an attacker
exploits the vulnerability on the network before administrators have applied the update to
every computer.

Internal attacker scenario
An administrator notices a potential security compromise but is unsure how to report it.
Lacking an escalation procedure, the administrator disconnects the corporate network from the
Internet, and the company loses productivity and the revenue from its e-commerce Web site.


Common Vulnerabilities to Network Operations

The ongoing operation of a network can introduce vulnerabilities into the security of that
network even when a security design is in place: routine changes, unapplied updates, and
ad hoc responses to incidents all bypass the design unless the design accounts for them.
Planning for ongoing operations while you design network security helps prevent such
operational changes from subverting your security policy.


Lesson: Designing a Framework for Ongoing Network
Operations

By planning for ongoing operations in your security design, you can help ensure that changes
to the network as a result of daily operations do not adversely affect network security.
Ongoing operations also involve support of the policies and procedures that you design, and
ensure that service level agreements (SLAs) exist to maintain network operations.
After completing this lesson, you will be able to:
• Describe steps for planning a framework for secure operations.
• Describe guidelines for:
  • Change management.
  • Daily security operations.
  • Supporting security policies.
  • Using SLAs.
  • Optimizing security policies.



Steps for Planning a Security Operations Framework

To design a security operations framework:
1. Design a change management process for security. Managing change on your network
ensures that network security is maintained when you make changes to the network.
2. Design a plan for daily security operations. A daily operations plan ensures that all
routine security tasks are completed.
3. Design a plan for security support. A security support plan ensures that users can
escalate security-related issues in an orderly and responsive manner.
4. Create service level agreements (SLAs) for IT operations and support. SLAs for IT
operations and support ensure that all parties know what to expect from each other.
5. Design a structure for optimizing security policies and procedures. Like change
management, optimization addresses changes that your security policy may require; however,
it is driven less by physical changes to your network and more by improving the overall
design.



Guidelines for Change Management

Change management describes how you manage changes to your network so that you ensure
consistency and manageability. The objective of the change process is to introduce new
technologies, systems, applications, hardware, tools, and processes, as well as changes in
roles and responsibilities, into the IT environment quickly and with minimal disruption to
service.
Change management covers all aspects of your network that are relevant to the running,
support, and maintenance of systems in the managed environment: hardware, communications
equipment, system software, application software, processes, procedures, roles,
responsibilities, and documentation.
A change management plan has four phases:
• Identify. Defines the conditions that initiate the change management plan.
• Review. Defines the process for evaluating the change, including its effect on security
policy.
• Approve. Defines how, and by whom, the decision to act on the change is made.
• Implement. Defines how the change will be implemented.
Security updates are changes too. A plan whose review and approval phases take weeks leaves
open the window described in the external attacker scenario earlier in this appendix, so
define how urgent security changes move through these phases without skipping them.
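One way to make the four phases enforceable rather than merely documented is to model a change request as a state machine whose transitions refuse out-of-order steps. The following Python is an added example, not code from this appendix or from MOF; the separation-of-duties rule (the requester may not approve the change), the requirement that a written review precede approval, the change identifiers CR-0001 and CR-0002, and the names alice, bob and carol are all constructed for the illustration.

```python
"""Minimal change-management workflow for security-relevant changes.

Added illustration; not from the original appendix or from MOF.  The four
phases (identify, review, approve, implement) follow the appendix.  The
separation-of-duties rule (approver must differ from requester) and the
requirement that a written review be recorded before approval are
assumptions added here to show how the phases can be enforced.
"""
from dataclasses import dataclass, field
from enum import Enum


class Phase(Enum):
    IDENTIFIED = "identified"
    REVIEWED = "reviewed"
    APPROVED = "approved"
    IMPLEMENTED = "implemented"
    REJECTED = "rejected"


class ChangeError(Exception):
    """Raised when a transition would violate the change process."""


@dataclass
class ChangeRequest:
    change_id: str
    requester: str
    description: str
    affected: list[str]              # hardware, software, process, documentation ...
    phase: Phase = Phase.IDENTIFIED
    history: list[tuple[str, str, str]] = field(default_factory=list)  # (phase, actor, note)

    def _record(self, actor: str, note: str) -> None:
        self.history.append((self.phase.value, actor, note))

    def review(self, reviewer: str, note: str) -> None:
        """Review phase: a written evaluation is mandatory."""
        if self.phase is not Phase.IDENTIFIED:
            raise ChangeError(f"{self.change_id}: cannot review in phase {self.phase.value}")
        if not note.strip():
            raise ChangeError(f"{self.change_id}: review requires a written evaluation")
        self.phase = Phase.REVIEWED
        self._record(reviewer, note)

    def approve(self, approver: str) -> None:
        """Approve phase: only reviewed changes, and never by the requester."""
        if self.phase is not Phase.REVIEWED:
            raise ChangeError(f"{self.change_id}: approval requires a completed review")
        if approver == self.requester:
            raise ChangeError(f"{self.change_id}: requester may not approve own change")
        self.phase = Phase.APPROVED
        self._record(approver, "approved")

    def reject(self, approver: str, reason: str) -> None:
        if self.phase is not Phase.REVIEWED:
            raise ChangeError(f"{self.change_id}: rejection requires a completed review")
        self.phase = Phase.REJECTED
        self._record(approver, reason)

    def implement(self, implementer: str, note: str) -> None:
        """Implement phase: refused unless the change was approved."""
        if self.phase is not Phase.APPROVED:
            raise ChangeError(f"{self.change_id}: only approved changes may be implemented")
        self.phase = Phase.IMPLEMENTED
        self._record(implementer, note)


def run_example() -> ChangeRequest:
    """Walk a constructed change request through all four phases."""
    cr = ChangeRequest("CR-0001", "alice",
                       "Open TCP 443 on edge firewall for new web tier",
                       ["edge-firewall", "firewall-ruleset-doc"])
    cr.review("bob", "Rule limited to web-tier VLAN; no conflict with policy")
    cr.approve("carol")
    cr.implement("alice", "Rule added; verified with external port scan")
    return cr


def self_approval_blocked() -> bool:
    """Constructed case: the requester tries to approve her own change."""
    cr = ChangeRequest("CR-0002", "alice", "Disable audit logging on dc01", ["dc01"])
    cr.review("bob", "Reduces visibility; needs management approval")
    try:
        cr.approve("alice")
    except ChangeError:
        return True
    return False


def unapproved_implementation_blocked() -> bool:
    """Constructed case: implementing straight from the identify phase."""
    cr = ChangeRequest("CR-0003", "alice", "Add local admin on ws07", ["ws07"])
    try:
        cr.implement("alice", "done")
    except ChangeError:
        return True
    return False


if __name__ == "__main__":
    for entry in run_example().history:
        print(entry)
```

The history list is the audit trail that the Review and Approve phases produce; in practice it would be persisted alongside the ticket so that a later incident investigation can tie a configuration change to who reviewed and approved it.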




Guidelines for Daily Security Operations

Managing security on a network can be an overwhelming task for many IT departments. To
ensure that daily operations tasks are completed, define who will complete each task, when
it must be completed, and how it will be completed.
Task assignments vary. Some tasks, such as monitoring network security, might be shared by
many people and performed daily. Others, such as incident response preparation, may be the
responsibility of a single person and take several weeks to complete.
For more information on managing daily IT operations, see “Chapter 8:
Network Administration” of the Operations Guide for the Internet Data Center
Microsoft System Architecture Guide, at:
technet/itsolutions/idc/oag/oagc08.asp.


Guidelines for Supporting Security Policies and Procedures


To ensure that security issues are escalated and resolved properly and in a timely manner,
create processes for supporting network security.
There are three main phases to supporting network security:
• Support request management. Acts as the first point of contact for users who report
security issues. Support requests are typically handled by first-level support staff, such
as help desk administrators, who gather the information required to escalate the issue.
• Incident management. Resolves most security issues, including routine requests such as
account management and authorization requests. At this stage, security administrators or
network administrators typically resolve support requests.
• Problem management. Resolves all issues not resolved in earlier phases, including complex
issues and security incidents. Support requests at this phase are typically handled by
security specialists and network engineers who work closely with IT management.



Guidelines for Using Service Level Agreements

SLAs define support levels for policies and procedures. Organizations typically use SLAs to
set a minimum expectation of service between departments in order to ensure business
continuity. You can also use SLAs to justify the use of resources such as hardware,
software, and personnel. Many organizations use SLAs to award salary bonuses to departments
based on each department's performance as measured against its SLA.
For more information on creating SLAs, see “Chapter 15: Service Level
Management” in the Operations Guide of the Internet Data Center Microsoft
System Architecture Guide, at:
itsolutions/idc/oag/oagc15.asp.


Guidelines for Optimizing Security Policies and Procedures

The goal of optimizing your organization’s security policies and procedures is
to lower cost and improve performance, capacity, and availability in the
delivery of IT services. By incorporating optimization measures in your
security operations design, you can help ensure that your organization’s
security policies and procedures will benefit from lessons learned during
ongoing support. Ideally, your organization will be able to better prevent
interruptions to network services, recover from security incidents more quickly,
and develop more effective security policies and procedures.
Failure to optimize your organization’s security policies and procedures may
result in the security policies and procedures quickly becoming obsolete and
ineffective.



Security Policy Checklist

Use the following checklist to guide your security design for ongoing network operations.

Phase     Task                                  Details
Planning  Model threats                         STRIDE (spoofing, tampering, repudiation,
                                                information disclosure, denial of service,
                                                and elevation of privilege) and life cycle
                                                threat models
          Manage risks                          Qualitative and quantitative risk analysis
Building  Create policies and procedures for:   Designing a change management plan
                                                Performing daily security operations
                                                Supporting security issues
                                                Optimizing and revising security policies
                                                and procedures



