Project assignment :

nagiri
7-Domains.pdf

© 2012 Jones and Bartlett Learning, LLC www.jblearning.com

Fundamentals of Information Systems Security

Seven Domains of a Typical IT Infrastructure


User Domain Common Threats

• Lack of user awareness
• User apathy toward policies
• User violating security policy
• User inserting CD/DVD/USB with personal files
• User downloading photos, music, or videos
• User destroying systems, applications, and data
• Disgruntled employee attacking organization or committing sabotage
• Employee blackmail or extortion

Workstation Domain Common Threats

• Unauthorized workstation access
• Unauthorized access to systems, applications, and data
• Desktop or laptop operating system vulnerabilities
• Desktop or laptop application software vulnerabilities or patches
• Viruses, malicious code, and other malware
• User inserting CD/DVD/USB with personal files
• User downloading photos, music, or videos

LAN Domain Common Threats

• Unauthorized physical access to LAN
• Unauthorized access to systems, applications, and data
• LAN server operating system vulnerabilities
• LAN server application software vulnerabilities and software patch updates
• Rogue users on WLANs
• Confidentiality of data on WLANs
• LAN server configuration guidelines and standards

LAN-to-WAN Domain Common Threats

• Unauthorized probing and port scanning
• Unauthorized access
• Internet Protocol (IP) router, firewall, and network appliance operating system vulnerability
• Local users downloading unknown file types from unknown sources

WAN Domain Common Threats

• Open, public, and accessible data
• Most of the traffic being sent as clear text
• Vulnerable to eavesdropping
• Vulnerable to malicious attacks
• Vulnerable to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
• Vulnerable to corruption of information and data
• Insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
• Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly

Remote Access Domain Common Threats

• Brute force user ID and password attacks
• Multiple logon retries and access control attacks
• Unauthorized remote access to IT systems, applications, and data
• Confidential data compromised remotely
• Data leakage in violation of data classification standards

Systems/Applications Domain Common Threats

• Unauthorized access to data centers, computer rooms, and wiring closets
• Difficult-to-manage servers that require high availability
• Server operating systems software vulnerability management
• Security required by cloud computing virtual environments
• Corrupt or lost data