Project assignment:
© 2012 Jones and Bartlett Learning, LLC www.jblearning.com
Fundamentals of Information Systems Security
Seven Domains of a Typical IT Infrastructure

User Domain Common Threats
Lack of user awareness
User apathy toward policies
User violating security policy
User inserting CD/DVD/USB with personal files
User downloading photos, music, or videos
User destroying systems, applications, and data
Disgruntled employee attacking organization or committing sabotage
Employee blackmail or extortion

Workstation Domain Common Threats
Unauthorized workstation access
Unauthorized access to systems, applications, and data
Desktop or laptop operating system vulnerabilities
Desktop or laptop application software vulnerabilities or patches
Viruses, malicious code, and other malware
User inserting CD/DVD/USB with personal files
User downloading photos, music, or videos

LAN Domain Common Threats
Unauthorized physical access to LAN
Unauthorized access to systems, applications, and data
LAN server operating system vulnerabilities
LAN server application software vulnerabilities and software patch updates
Rogue users on WLANs
Confidentiality of data on WLANs
LAN server configuration guidelines and standards

LAN-to-WAN Domain Common Threats
Unauthorized probing and port scanning
Unauthorized access
Internet Protocol (IP) router, firewall, and network appliance operating system vulnerability
Local users downloading unknown file types from unknown sources

WAN Domain Common Threats
Open, public, and accessible data
Most of the traffic being sent as clear text
Vulnerable to eavesdropping
Vulnerable to malicious attacks
Vulnerable to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
Vulnerable to corruption of information and data
Insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly

Remote Access Domain Common Threats
Brute force user ID and password attacks
Multiple logon retries and access control attacks
Unauthorized remote access to IT systems, applications, and data
Confidential data compromised remotely
Data leakage in violation of data classification standards

Systems/Applications Domain Common Threats
Unauthorized access to data centers, computer rooms, and wiring closets
Difficult-to-manage servers that require high availability
Server operating systems software vulnerability management
Security required by cloud computing virtual environments
Corrupt or lost data