Sample Discussion 1
Security is one of the most important functions an organization must incorporate. Even when an organization assumes all security measures are in place, many times this isn’t enough. Making security a priority not only protects the company from hacks but also prevents fines and, in the worst-case scenario, a loss of trust that will cripple the organization’s income.
First, the LAN domain is where all the hubs, switches, routers, and workstations reside. This domain is also a trusted zone. Some of the risks in this domain include worms that can infect all connected systems and unauthorized user access to workstations.
Second is the WAN domain, the Wide Area Network. As the name implies, this domain covers a large geographic area. Some of the risks in this domain include network outages and the possibility of a DoS or DDoS attack on the server.
Third is the system/application storage domain: user-accessed servers used for email and databases. This domain must be very secure so that the business doesn’t lose sensitive data or productivity. Some of the risks include DoS attacks and SQL injection, which can result in data corruption.
Lastly, the remote access domain allows users to access the local network remotely from anywhere, regardless of what internet connection they are using. This has to be protected with a VPN, of course. Some of the risks include slow and poor connections and the risk of a hack, because a remote connection from outside the network can be insecure.
We are going to focus on the system/application storage domain. As noted above, this is a very important domain because it must be protected at all times to minimize the risk of losing confidential and sensitive data. Despite the protection this domain is given, some of the more common threats relate to the operating systems (desktop and server), email applications, etc. Software vulnerabilities are an easy way to exploit this domain: software has vulnerabilities, and it is impossible to write perfect code that is free of them. The vulnerabilities are then easily exploited by malware, which is usually installed accidentally by the user. These vulnerabilities can be damaging to a corporation: they can be used to steal information, or malware can remain in place for a long time to monitor activity or act as a keylogger. Protecting against these attacks is not easy, but ensuring all system updates are installed will help mitigate the risks. Companies are always releasing updates to correct vulnerabilities shortly after discovery. Another best practice is monitoring systems for any suspicious software or behavior to help detect malware early.
Policy flexibility is essential to a company, as it keeps the organization ready and mobile for changes that will need to be made as technology and business needs evolve. Because the policy is flexible, policies can continue to grow instead of having to create new ones without a starting point, which in turn saves a significant amount of time. This suits an organization that is not looking to remain constant but instead to change with time.
Cohesiveness is another best practice that is essential to any corporation. A critical measure in security is ensuring that everyone is on the same page. This means working together collectively and making decisions as a team. Allowing other members to take part in decisions regarding policy helps all members be aware of the business process.
Coherency is teamwork between employees to arrive at a policy that ensures work is performed and the business is well structured. This will help the team decide on a common policy amongst all its members.
Ownership means an individual, such as a member of senior management, is responsible for looking at changes presented by the team. According to the Cyber Security Ownership and Responsibility, ownership of the strategy and agenda assists in coordinating inputs and advice and in approving changes. Decision-making within the group is essential, with high-level management making the final decision.
Whether to create your own policy from scratch or modify existing policies will depend entirely on the business objectives. The policy will help support an organization in carrying out work properly. Building a policy from scratch is a waste of time, so modifying an existing one is the recommended approach. Ensuring the policy is, from the beginning, capable of evolving dynamically as the company evolves is critical.
Finally, there is IT framework selection, in relation to the three mentioned above. This was saved for last because of how important the framework selection is. For any of the top three to be successful, a proper IT framework must be selected. Which framework is selected can depend entirely on the organization and its needs and functions.