Transparency at the Point of Creation permits transparency at the point of product evaluation and product selection, and it permits transparency at the point of delivery – when the product is inserted as part of a system delivering service in the network. Without transparency at the source of this life cycle, ambiguity and obscurity persist throughout and it creates the problems discussed in previous chapters.

In this chapter the benefits that can be derived from applying the rigor of a good security framework will be addressed. It is primarily to argue that the notion that security is too hard is no longer defensible. Investing in hardening the products at the start does not need to be a business disabler; it is quite the opposite. Security can help businesses and organizations promote quality, lower operating costs, compete better and engender trust. Who is against good quality, lower operating costs, competing better and being considered trustworthy?

The X.805 standard is such a framework – a framework that allows the product and solution developers to establish what kind of security should be applied by first determining the role to be played. For instance, a computer server is generally assigned a role and the security should be appropriate for that role. A network switch is the same. These roles begin to define the ...