Abstract
The information security policy development lifecycle tends to lack focus on
the use of standard terms and semantics. This results in blurred outlines for monitoring,
evaluation, and enforcement of the security policy for the employees confusing
adhering to and implementing it, which leads to a lack of a process of publishing from
the security policy, end-user awareness, translation of high-level policy to lowest level
component configuration plans and actions to take in time of crisis. This leads to the
critical need to design an empirically tested, comprehensive security policy. This
chapter proposes bridging the gap between the high-level information security policy
descriptions and low-level network infrastructure security implementation. With new
and innovative technologies, such as Cloud, Remote Computing, Enterprise Mobility,
and e-commerce on the rise, network security has remained an ever-increasing
challenge. This chapter presents a security framework to bridge the gap between highlevel specification requirements and the low-level implementation phase for network
infrastructure security using the network architecture model with the security policies
associated with the network components required to be enforced. An architectural
model and a set of design-level security policies are considered to achieve the
framework design. Also discussed are the advantages and desired characteristics of the
model, relating to existing processes worked in the design area, and future research
directions are pointed.