Best practices for it infrastructure security policies

Sample Discussion 1

Security is one of the most important functions an organization must incorporate. Regardless of how organizations are assuming all security measures are in place, many times this isn’t enough. Ensuring this is a priority not only protects the company from hacks but also prevent fines and worst-case scenario, loss of trust which will cripple the organization income.

First, the LAN domain is where all the hubs, switches, routers, and workstations reside. This domain is also a trusted zone. Some of the risks involved in this domain includes worm that can infect all systems connected and unauthorized user access into the workstation.

            Second, WAM domain which is a Wide Area Network. As the name implies, this domain covers a large geographic area. Some of the risks involved in this domain includes, network outages and the possibility of a DOS or DDOS attack to the server.

            Third, the system/application storage domain. A user accessed server. Used for email and database. A very secure domain to ensure businesses doesn’t lose sensitive data and the threat of losing productivity. Some of the risks includes, DOS attack and SQL injections which can result in data corruption.

            Lastly, remote access domain. Allows users to access the local network remotely from anywhere regardless of the what internet connection they may be connected to. This has to be protected with a VPN of course. Some of the risks include slow and poor connection, risk of hack due to remote connection from outside the network can be unsecure.

We are going to focus on the system/application storage domain. This is a very important domain as addressed above. This is because this domain must be protected at all times to minimize the risk of losing confidential and sensitive data. But despite the protection this domain is provided, some of the more common threats related to this domain is the operating system such as the desktop and server, email application, etc. Looking at software vulnerability, this is an easy way to exploit this domain. This is due to software having vulnerabilities and it is impossible to write perfect code that is free of any vulnerabilities. The vulnerabilities are then easily exploited by malware which is usually accidently installed by the user. What these vulnerabilities can be damaging to a corporation, they can be used to steal information or remain for a long ride to monitor or be used as keyloggers. Protecting from these attacks is not easy but ensuring all system updates are installed will help with the mitigation of the risks. Companies are always releasing updates to help correct vulnerabilities shortly after discovery. Another best practice is monitoring the systems for any suspicious software or behavior to help detect malware early.

Policy flexibility is essential to a company as it helps to keep the organization ready and mobile for any changes that will need to be made when new technology and business needs evolve. Because the policy is flexible, policies can continue to grow instead of having create new ones without a starting point which in turn saves a significant amount of time. This is an organization that is not looking to remain constant but instead change with time.

Cohesiveness is another well best practice that is essential to any corporation. A critical measure in security is ensuring that all are on the same page. This means working together collectively and making decisions as a team. Allowing other members to take part of the decision regarding policy helps all members to be aware of the business process.

Coherency, teamwork between employees to be able to have a policy to ensure work is performed and business is well structured. This will help decide on a common policy amongst all members of a team.

Ownership is an individual responsible such a senior management to look at changes that are presented by the team. According to the Cyber Security Ownership and Responsibility, the ownership of the strategy and agenda assists in coordinating inputs and advice and approve changes. Decision amongst the group is essential where a high-level management will make the final decision.

Creating your own policy from scratch and modifying existing policies will depend entirely on the business objectives. The policy will help provide support to an organization on how to carry out work properly. Building a policy from scratch is a waste of time so recommending modifying is the best approach. Ensuring the policy created from the beginning is dynamically capable of evolving as the company evolves is critical in this policy.

Finally, the IT framework selection, the three mentioned above. This was saved for last due to how important the framework selection is. In order for any of the top three to be successfully, a proper IT framework must be selected. What framework selection is made can entirely depend on the on the organization and its needs and functions.

RESOURCES:

Cyber Security Ownership and Responsibility. (2016, March 14). Retrieved from https://freeformdynamics.com/information-management/cyber-security-ownership-and-responsibility/

Christina.robinson@nist.gov. (2019, March 18). NIST Risk Management Framework Webcast: A Flexible Methodology to Manage Information Security and Privacy Risk. Retrieved from https://www.nist.gov/news-events/events/2019/02/nist-risk-management-framework-webcast-flexible-methodology-manage

Sample Discussion 2

These will be the four best practices in the domains for IT infrastructure security policies not for the user domain.

· The institutional requirement will drive the implementation.

· The secure access will have to be reflected if goes to the cloud.

· The method should be a force for corporate properties without relating to the devices.

· It should be created base on mobility (Phifer, 2011).

These will be the four best practices in the domains for the IT infrastructure security policies except the User Doman.

1. The institutional requirement will give a drive for implementation: Some businesses use legacy remote access infrastructure and it determines the types used by the system and who can receive access from it. This is caused when it is unable to provide safe access using a home computer or a smartphone. It will be a portal for the mobile connection which is used for authentication, wireless communication that is encrypted and is used by one of the smartphones. There is a safe remote access solution, which has a limitation. When stocking the business access, it has needs as it relates the risks. It can map for possible solutions and uses the appropriate usage policy. Using a non-traditional way will be safe for access. There will be other alternatives which could aid the problems. There is a top-down requirement and a risk assessment (Phifer, 2011).

2. Relating secure access as it comes to the cloud: The remote access users’ needs a safe access when it comes to the network and secure access for the application and the messaging. These will provide a solution such as Exchange ActiveSync and the TLS-secured Outlook Web Access and these solutions will meet the need but cannot help with the other applications. Many employers can relate this to the user for their tablets, and smartphones when it shifts to the corporate VPN, for more capabilities as it becomes available. With the development, using the cloud service, it makes transferring in the selected application and it is more sensible. A stable cloud app can be rented for SMB in a simple process and not installed as an app for the in house. An endpoint agnostic can be done by a cloud service provider, which reflects a safe access for the application. The SMBs can receive this by email, CRN, and the ERF schedules, also using file sharing and a secured side known for teleconferencing. This does not satisfy, for corporate remote access requirements. The SMBs will see some major changes with these applications as it integrates with the provider for a secured server side. When it comes to the cloud application, the cloud intranet can be used and it allows the remote workers to have a safe environment even when not entering the corporate network (Phifer, 2011).

3. It can apply for the corporate properties instead of the device: With the independence for endpoint devices, it will play a large role in entertaining the remote access. But it does allow for the access to be in a wide array of devices but this does not mean overlooking it. As it comes to the devices, for it many types even for the protection in posture. Several remote-access VPN can recognize the endpoint system for characteristics, it evaluates the risks, and it can be installed for the necessary security programs and for configuration. This is done without an IT and user support feature. In the VPN for best practices, look and then jump, which is a constraint for the system form and its ownership. The tablets and smartphones can never hold for the same rigorous check that the notebook and laptops reflect by. The users for the non-corporate platforms can use the features for a fair standard for privacy. It can focus on the security strategies for securing the company assets and not the tools that is used to access them and avoid circumventing for a drain. This is shown by leaving the environment for the center. The endpoint computer can be isolated from the VDI alternative for the work environment (Phifer, 2011).

4. It will be constructed for mobility: When it comes to the new content and the communication tools this provides for implementing a mobile feature first for mentality. This wise advice can be used to protect and stop using safe access remotely. The modern endpoints will be roaming, it can be mobile during the business day, even for office and the home environment or a hotel. It cannot give all the remote access for the traffic as it reaches the corporate network via a perimeter system. As it relates to the risks, it can be different as these devices move between the public and the private networks. This reflects reliable and gap-free security, and it is required. The approach for the operation both on-and-off premises will determine the safe access extension or the alternative. The VPN clients reflect on JunOS Pulse and Cisco AnyConnect, for location-awareness, for transparent switching between security policies that can be suited for these networks. When using connectivity it aides and keeps the users logged in for the coverage gaps. Also, it reduces the impact for protection, when roaming occurs. The broken and duplicated policies can only frustrate for the consumer and it can be costly for the manager and this leads to errors. There can be a centralized compliance for the implementation and this does help with the IT (Information Technology) implement process. It will relate a clear access which is right for the enterprise as it wanders over the feature (Phifer, 2011).