A Layered Security Architecture: Design Issues

System security is a key technology to the development and deployment of IT applications and services in a growing global network. Security is critical at various levels of the system. However, security solutions typically address a very specific vulnerability with little relation to the larger picture of secure information systems. Organisations have successfully implemented these solutions without knowing if all security requirements have been met or what impact these solutions have on other parts of the information system. The focus of this paper will be to identify the various layers that exist in large distributed systems, and to lay the groundwork for defining security requirements for each layer allowing for a mapping of security implications that each layer has on other layers. This will result in the design of a layered security architecture which could assist organisations in mapping out all required or successfully implemented security requirements at various levels of information systems.1