Network Architecture Review
Network Architecture Review Information
A Network Architecture Review is a review and analysis of relevant network artifacts (e.g. network diagrams, security requirements, technology inventory, DMZ ) to identify how the network architecture and controls protect critical assets, sensitive data stores and business-critical interconnections in accordance with the organization’s business and security objectives.
Key activities include:
- Consult with members of the network architecture team and management to understand:
- the business goals and control objectives (security requirements) as they relate to data confidentiality, integrity, availability, and provability;
- ingress, egress, and intranet data flows/protocols (and corresponding security treatment);
- network architecture and key network components including security components;
- core technologies integral to the operations of the organization and/or those that the network is reliant upon to achieve its security objectives; and,
- core operational processes integral to the operation of the network
- Analysis against relevant standards, laws/regulations, and prevailing good practice; and,
- Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap. Where possible the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.
The predominant benefits realized by a Network Architecture Review are:
- Provides a high-level of design assurance by looking at the network and related security controls in a comprehensive and holistic manner;
- Findings can be used to identify other necessary assurance activities and to optimally focus downstream activities on relevant issues/targets for large scale enterprise level applications; and,
- Allows an entity to identify and address network security deficiencies that may negatively impact the security of the systems, databases, and applications that are dependent upon the network.
Network Architecture Review: Best Used
- When significant changes are planned or made to the network and assurance is required that the necessary security controls are in place to address said changes; and,
- When assurance is required that new/increased information technology risks relating to external changes (e.g., deployment of a new application, compliance with a new law/regulation) are mitigated to an acceptable level.