IT Infrastructure Security Policies
IT Infrastructure Security Policies Defining policies for every domain of an IT infrastructure breaks down in depth how each entity should be properly used. The policies should also identify the key players that will play a key role in ensuring optimum use of all devices, as well as establishing and maintaining security throughout the process of information traveling through the Infrastructure. Here are some best practices to keep in mind when defining policies for a few of the domains within the infrastructure:
Workstation Domain
Who: End Users, IT Staff
What: Physical and Logical Security
When: Physical security is important before and after it is accessed by authorized personnel, and Logical security is important during end-user use of a workstation
Why: Physical security must be maintained, because no matter what logical measures are taken, if an unauthorized person is able to gain hands-on access directly to a workstation, they can wreak havoc on the organization’s systems. Since we never know who may be around, it is equally as important to lock or logout of a workstation when leaving the desk, and never leave passwords near it. IT Staff needs to ensure all systems have the appropriate software for both day-to-day operations, as well as workstation security are installed to prevent the need to download more additional software, and prevent malware from being loaded into the system.
WAN Domain
Who: Any personnel needing a connection to the Internet, IS department, Management
What: Connections outside the local area (LAN)
When: Before connecting to the Internet, and while using the Internet
Why: Management should define the policies for the reason to use the Internet, how to use the Internet, responsibilities of the person online, and consequences for in appropriate use. This will allow the IS department to take measures to ensure security over the Web, while still allowing for successful business to be conducted.
Remote Access Domain
Who: Remote access
Workstation Domain
Who: End Users, IT Staff
What: Physical and Logical Security
When: Physical security is important before and after it is accessed by authorized personnel, and Logical security is important during end-user use of a workstation
Why: Physical security must be maintained, because no matter what logical measures are taken, if an unauthorized person is able to gain hands-on access directly to a workstation, they can wreak havoc on the organization’s systems. Since we never know who may be around, it is equally as important to lock or logout of a workstation when leaving the desk, and never leave passwords near it. IT Staff needs to ensure all systems have the appropriate software for both day-to-day operations, as well as workstation security are installed to prevent the need to download more additional software, and prevent malware from being loaded into the system.
WAN Domain
Who: Any personnel needing a connection to the Internet, IS department, Management
What: Connections outside the local area (LAN)
When: Before connecting to the Internet, and while using the Internet
Why: Management should define the policies for the reason to use the Internet, how to use the Internet, responsibilities of the person online, and consequences for in appropriate use. This will allow the IS department to take measures to ensure security over the Web, while still allowing for successful business to be conducted.
Remote Access Domain
Who: Remote access