In the User Domain the first thing that should be done is create an acceptable use policy (AUP). An ASAP defines what users are allowed to do with organization-owned IT assets. Violation of the terms defined in the ASAP can be grounds for discharge. We will require staff and other 3rd parties to sign a privacy agreement to keep private data confidential. In addition to signing a privacy agreement, some positions may require criminal background checks to help ensure security. Here at Irishman Investments we need to conduct security awareness training.
The Workstation Domain is where most users connect to the IT infrastructure. A Workstation can include a computer, smartened or any other device that connects to our network. Staff should not have excessive access to the system or any application not needed to be productive. This includes restricting applications like media players, or internet explorer. The Workstation domain needs additional layers of security which means implanting login IDs and passwords to protect entry into the IT infrastructure.
The next domain is the LANA Domain, which consists of two parts, physical and logical. Make sure wiring closets, data centers, and computer rooms are secure. We do not want unauthorized access to the LANA so we must require strict access control policies and procedures. Use WALLA network keys that require a password for wireless access. We must also implement encryption between workstation and WAP to maintain confidentiality. Connecting to the internet is opens up a lot of back doors for cybernetics’s and most internet traffic is clear text which means its visible to anyone.
In the LANA-to-WAN Domain, local users can download unknown file type attachments from unknown sources so we must apply file transfer observing, scanning, and alarming for unknown file types from unknown sources. We must enforce Irishman Investment’s Internal Use Only data lactation’s standard through a multitude of efforts including applying strict security monitoring controls for invasion detection and prevention. The WAN Domain represents the 5th component in the IT infrastructure which is the second most complex area to secure.
Use encryption and VPN tunnels for end-to-end secure IP communications. When traveling over the internet data may be corrupted for multiple reasons, therefore we must backup and store data in an off-site data center with tested recovery features. The Remote Access Domain connects remote users to the company’s IT infrastructure using many different mobile devices. We must set automatic blocking for multiple failed login retries. Unauthorized access to IT systems, applications, and data are customary in this area.
We must apply first and second level security measures for remote access to sensitive systems. Finally is the System/Apposition, which carries all mission-critical systems, applications, and data. We must define a liability window for server operating systems for system updates or maintenance to maintain a hardened environment. Server closets and computer rooms need be accessed by only personnel who need those assets for their part in the company. The user is the weakest link in security. With all procedures, rules, and policies in place, even the most highly trained professional can make a mistake.
This is why there are so many different layers to a secure environment, to try to lessen those risks, threats, and weaknesses. This is why it is important to conduct regular staff evaluation and regularly review the security plans for each of the seven domains. No one group can completely control a person’s behavior, which is why we must be prepared for nasty, unqualified, and thoughtless users.