Security Assuring of optical fibre links
Result : The new network and desktop solution was accredited and residual risk accepted by the SIRO as within appetite and tolerance for the data being stored and processed on the systems.
Post Script: Describing this approach to seniors at a government agency contract security interview obtained a 4 year assignment to assist in another area where optical network security had become critical ( 2007-2010 ) see below :-
HMG Agency I1 – Research CCP Certified Skill
Situation : I was the IA consultant and proxy accreditor for a large network enterprise ( 2007 to 2100 )
Task : I assisted the development of large scale monitoring of network devices on the networks.
Activity : The enterprise to which I was attached was in the habit of using mirror ports to understand the nature of the traffic on the network.
A more secure method would have been to have a separate passive connection into each network but this had proved to be very expensive and not so effective as the use of the mirror port.
The data flows were meant to remain confidential to the businesses concerned and not be made available to communication providers and other parties.
I undertook considerable research into the methods whereby this problem could be solved and the ideal solutions were prohibitively expensive. My research and discussions with various manufacturers led to only one solution.
Result : After thought and discussion on the technical possibilities for solving this problem I set out means whereby detailed confidential logging of connections could take place to understand if unauthorised connections had taken place and to arrange confidential reporting of these events.