Risk And Risk In Information Security

“The protection of an organization’s information assets relies at least as much on people as on technical controls, but technical solutions, guided by policy and properly implemented, are an essential component of an information security program.” (Whitman, 2012, p. 293). The System/Application Domain is the most valuable resource within the seven domains of a standard IT infrastructure. The data it holds can be intellectual property, private customer data or national security information. Data is what attackers seek deep within an IT system. Safeguarding this information is the goal of every organization, as loss of data is the greatest threat in the System/Application Domain. The more important the data, the more secure and encrypted it…
Mail servers receive and send e-mail for clients. Database servers host databases that are accessed by users, applications, or other servers. Domain Name System (DNS) servers resolve names to IP addresses for clients, web servers and networking service servers. It is essential to protect servers using best practices; for example, “Payment Card Industry Data Security Standard (PCI DSS) requires that you store credit card information as encrypted data” (Solomon, 2016, p. 171). Best practices include the following:
• Intrusion detection systems (IDSs).
• Use of data loss security appliances.
• Role-based access control (RBAC).
• Change default passwords.
• Enable local firewalls.
• Specialized staff team.
• Regularly review security plans and perform annual security control audits.
• Annual penetration test.
• System and application traffic and performance monitoring and analysis.
• Adhere to documented IT security policies, standards, procedures, and guidelines.
Third, “a secured distributed application is the result of careful planning and the right security controls deployed in all domains. Because the System/Application Domain is where much of your data and applications reside, it is a good starting point for security controls.” (Solomon, 2016, p. 330). Therefore, hardening solutions, controls and security policies are needed to properly secure the System/Application Domain infrastructure as follows:
• Access control for staff and visitors to secure