System classification
In the previous chapter, we covered network segmentation and placing systems of high value and criticality to the enterprise in segmented areas of the network. To identify these systems, it is necessary to understand the important business processes and applications and to determine which hosts maintain both. As with any classification model, there should be tiers based on criticality. There will be several "important" systems, but some are truly critical to business operations, while others can be offline for a longer period before the business is affected. Each tier of classification should have criteria, such as the business processes impacted, to ensure that all security and availability requirements are met as defined for that tier. The tier classification may also include service-level agreement information based on how the system is to be connected to the network, expected recovery times, and the priority of security incidents involving the systems. The...