Introduction to Information Security
Project part 1
Security Domains and Strategies
Safety of data and information is a real important aspect of a company. Before we can create an outline for general security solutions we must first define what is needed. I recommend that we use a multi-layered security plan. There are a total of seven domains of an IT infrastructure including user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain. User domain is essentially the people who access the information system. User domains tend to receive risk due to the user’s carelessness due to lack of awareness, not caring for policies, and security violations. These can easily be rectified with training. Conduct security awareness training, display security posters around the office, and send email reminders to keep the policies fresh in the employee’s mind. Another common threat is caused by employee misuse of the system. Employees might insert USB drives, or download photos music and videos. These items might contain virus’s which in turn damages the system. The USB ports should be disabled and content filtering and antivirus scanning should be enabled. Workstation domain is any device that connects to the network. A few threats might be encountered are unauthorized access to the workstation and unauthorized access to applications and data. These issues can be mitigated simply by enabling password protection on workstations and by defining strict access control policies. LAN domains are a collection of computers connected to one another. Threats for LAN domains include unauthorized access to the LAN, and unauthorized access to systems applications and data. The solutions for these threats are similar to that of the workstation domain. Another major threat are confidentiality of data transmissions via WLAN connections is compromised. Implementation of encryption between...
Please join StudyMode to read the full document