1. For each of the seven domains of a typical IT infrastructure, summarize what the information systems security responsibilities are within that domain:
User Domain: responsible for authentication.
Workstation Domain: defines the controls within the workstation itself, such as limiting who can install software on the workstation.
LAN Domain: encompasses the equipment that makes up the LAN.
LAN-to-WAN Domain: responsible for the DMZ.
WAN Domain: supplies the virtual private networks for companies.
Remote Access Domain: responsible for enhanced remote authentication and network connectivity.
System/Application Domain: responsible for software for collecting and storing data.
2. Which of the seven domains of a typical IT infrastructure requires personnel and executive management support outside the IT or information systems security organizations?
The user domain requires personnel and executive management support outside the IT or information systems security organizations.
3. What does separation of duties mean?
Separation of duties is a classic security method to manage conflict of interest, the appearance of conflict of interest, and fraud.
4. How does separation of duties throughout an IT infrastructure mitigate risk for an organization?
It restricts the amount of power held by any one individual. It puts a barrier in place to prevent fraud that may be perpetrated by one individual.
5. How would you position a layered security approach with a layered security management approach for an IT infrastructure?
I would make sure that protocols in each layer correspond and function together. This way you can position the higher protocols with higher ones and lower with lower ones.
6. If a system administrator had both the ID and password to a system, would that be a problem?
No, because the administrator has permissions to log in and make changes to a system....