10 Workstation Domain … Mitigation Strategies: User awareness training; logging; anti-malware; Accountability through an AUP
11 Network Service Domain For the purpose of this course, we will combine the domains for LAN, LAN-to-WAN, and WAN into the Network Service Domain
12 Network Service Domain Includes the equipment, cables, the wireless access, etc. Key document is the SLA
13 SLA: Service Level Agreement An agreement between the system provider and system user. Outlines provider responsibilities and defines realistic expectations for the users.
14 Network Service Domain Threats/Vulnerabilities: Unauthorized access, physical or otherwise; Malware attacks; Hardware vulnerabilities; Support staff threats/vulnerabilities; Misuse of network resource by users; Clear-text (unencrypted) data traffic; DoS; Wireless attacks
15 Network Service Domain … Mitigation Strategies: IDS – intrusion detection system, like SNORT. IPS – intrusion prevention system, like a firewall
16 Network Service Domain … Mitigation Strategies: drop malicious packets, reset connection, block traffic from offending IP addresses, etc.; set up a DMZ, …
17 Remote Access Domain Accessing the computing services from outside the boundary of the computing system. Smart phones; Laptop computers; PDAs; Remote usage; Wireless access; Access to cloud resources; Social media access
18 Remote Access Domain The AUP is the governing document
19 Remote Access Domain threat/vulnerability: Theft or loss of electronic devices; Theft or loss of data; Unauthorized access (shoulder surfers); Clear-text data transfer; Poor security on personal devices; Reliability of cloud services
20 Remote Domain … Mitigation Strategies: User awareness training; Accountability through an AUP; reliable authentication (MFA?); Data Encryption, etc.
21 System/Application Domain The critical infrastructure of server systems, applications, and data. Payroll; Accounting, purchasing, billing; Sales; Intellectual property, etc.; Proprietary technology; Personal information
22 System/Application Domain Threat/vulnerability: Unauthorized access; Hardware failure; Data loss; Malware; Failure to keep systems and software up-to-date; Social engineering attacks; etc.
23 System/Applications Domain … Mitigation Strategies: Awareness training; Backup/RAID; Physical security; Logging; Data/system integrity monitor; Disaster recovery plan; etc.
24 System/Application Domain The governing document is the SLA.
25 Domain Group Assignments User/Workstation: Green Group; Network: Blue Group; Remote: Red Group; System/Application: Gold Group