7 domains of IT infrastructure where network security is implemented
The “Internal Use Only” data classification standard protects the company by limiting outside access to company information such as internal memos, meetings times/lengths, or internal project reports. Where the loss of such things would likely not result in serious financial loss to the company but would in convince management and might tarnish the company’s reputation. This security policy will touch 3 main domains: User, Workstation, and Lan Domains.
The “Lan Domain”, this domain will be protected by limiting access to the companies infrastructure. This will include but will not be limited to: Background checks on any and all field support technicians, and limited access for all employees to data closets and server rooms (i.e. locked doors, fingerprint scanners, etc.). These precautions will help insure the integrity of the network at the lowest level.
The “Workstation Domain”, this domain includes all company workstations. Only workstations approved by and set up by the company will be allowed on the network. Absolutely NO PERSONAL DEVICES will be allowed on the network without explicit permission from IT and these devices will be set up as to allow IT full access to all files and folders on the device at any given time should the need arise. All workstations will be updated, patched, and scanned regularly. Prior to all users using these workstations, management must first approve their account to be set up. Then the user will be given a username and passcode that must meet standard strong password parameters. Removable media will not be permitted unless provided by the company for official use only. Lastly AD groups will be used to control which users have access to what data on the network to ensure only users with proper authorization will have access to data in question.
The “User Domain” will use an “Acceptable Use Policy” to define what users and vendors can or cannot do...