1. For each of the seven domains of a typical IT infrastructure, summarize what the information systems security responsibilities are within that domain:
User Domain - Has the responsibility of authentication.
Workstation Domain - Defines the controls within the workstation itself, such as limiting who can install software on the workstation.
LAN Domain - Encompasses the equipment that makes up the LAN.
LAN-to-WAN Domain - Responsible for the DMZ.
WAN Domain - Supplies the virtual private networks for companies.
Remote Access Domain - Responsible for enhanced remote authentication and network connectivity.
System/Application Domain - ...view middle of the document...
7. When using a layered security approach to system administration, who would have the highest access privileges?
When using a layered security approach to system administration, the administrator would have the highest privileges.
8. Who would review the organization's layered approach to security?
The CISO (chief information security officer) would review the organization's layered approach to security.
9. Why do you only want to refer to technical standards in a policy definition document?
Because technical standards are requirements within the system that must be followed.
10. Why is it important to define guidelines in this layered security management policy?
Because there needs to be a balance between cost and return in risk reduction.
11. Why is it important to define access control policies that limit or prevent exposing customer privacy data to employees?
The data is private to the customer and should not be displayed in clear text to employees. The reason for this is because...