The Security Policy Management Maturity Model

There are many challenges involved with security policy management.

Increased network complexity together with demands on business agility have made the traditional, manual approach to security policy management untenable. As network security devices continue to evolve, so too must security policy management. Security policies are in place to not only block malicious traffic, but also to enable connectivity and business productivity.

Each organization’s security policy maturity level depends on the level of analysis, automation and process. This can involve security administrators, network operations, compliance officers, application owners and senior management. It requires optimizing policies, understanding application connectivity requirements, ensuring more granular control and orchestrating policies through a streamlined process that enables stakeholders to quickly respond to changing business needs.

This paper examines the four stages of the security policy model – manual, automated analysis, automated processes and finally application-centric. It explains how it can help organizations their current environment and provides a road map for improvement in their security policy management. As organizations move farther along the maturity model, they will experience significant