1. Network: The network should be designed with security in mind. Its structure must support the company’s policies, relevant laws and regulations, without impairing the organization’s ability to conduct business. The network should be logically and physically separated into distinct and manageable security zones. Traffic between the security zones must be inspected and filtered, to ensure that only authorized network use is permitted, and all access is recorded for future auditing. Multiple devices and methods should be used to ensure security across all parts of the network. In preparing this recommendation, network security design principles have been drawn from the Cisco SAFE Reference Guide  and the Council on CyberSecurity’s Critical Security Controls for Effective Cyber Defense Version 5.1 .
2. Physical Security: The physical layout of the company should be structured with security and access control as a primary concern, along with providing sufficient workspace for employees to work and collaborate. Just …show more content…
TRUSTED: All devices required for daily work in the company, that should not be accessible by the public, should be placed into the TRUSTED zone. However, the TRUSTED zone can be further divided into separate zones by physical or logical means to provide additional security and access control. This subdivision helps manage and enforce least privilege access to network resources.
4. MANAGEMENT: Devices dedicated to the management and control of other network resources should be placed in the MANAGEMENT security zone. These devices typically connect to dedicated management ports on other network resources. These connections to allow managers to remotely access a device, modify its configurations or perform administrative tasks on the resource. Additionally, network resources may be configured to send log files, periodic status messages or notifications to an administrator or management device across these