Digital Information Security Domains
In the world of Information Technology (IT) security practices, there is currently no clear definition of what a Security Domain is. Different IT security practitioners have their own definitions for the Security Domains that they think make sense.

So what, generally, is a Security Domain? To us at TNS, a Security Domain is composed of a group of similar security-related items or issues. When put together under a common category, these become a Security Domain.

In order to help our clients protect their information, over the years we have developed and continued to enhance the following Security Domains:

Office Communication Equipment
- Copier
- Fax
- Modem
- Pager
- PBX
- PDA
- Phone
- Printer
- Radio
- Video Conference
- Two-way Radio
- Web Cam

Communication Media
- CD / DVD
- Data & Phone Cables
- Fiber Optic Cable
- Floppy, Zip & Other Disks/Drives
- Hard Disk
- Key Chain Storage / Flash Memory
- Letter / Memo / Email
- Printed Document
- Tape
- Wireless

Computer Equipment
- Authentication Enforcement
- Disaster Recovery
- File Encryption
- File System Monitoring & Security
- Forensic Investigation
- Intrusion Detection & Response
- Litigation Support
- Operating System Hardening
- OS Security Patch
- Security Audit (Internal)
- Security Assessment (External)
- Security Certificate (CA)

Telecommunication Infrastructure
- ATM
- xDSL
- Frame Relay
- ISDN / Analog Phone Line
- T1 / T3
- VPN
- Wireless

Network (Extranet, Internet & Intranet)
- Authentication Enforcement
- Disaster Recovery
- Forensic Investigation
- Intrusion Detection & Response
- Network System Hardening
- Network System Monitoring
- Network System Security Patch
- Network System Security
- Network Traffic Encryption
- Security Audit (Internal)
- Security Assessment (External)
- Security Certificate (CA)

Organizational Security Policy
- Computer OS & Application Control
- Business Environment
- Business Processes
- Electronic Data Disposal
- IT Legal
- Litigation Support
- Personnel Background Check
- Personnel Background Review
- Production & Non-Production Networks
- Security Checks & Balances
- User Training
- Universal Time Source

Physical
- Data Center / Server Room
- Data Closet
- Keyless/Badge Door
- Listening Devices
- MPOE
- Video Surveillance

Social
- Commercial Espionage
- Social Engineering

After assessing and reviewing all these domains, our next step is to make sure we can apply resources to them to ensure that the security of any given organization is sound. Depending on the nature of the business, not all organizations will need to worry about each item in every domain, as some may not be relevant.

Information of any sort is, and will continue to be, one of the most valuable assets any organization possesses. Keeping this information secure is an ongoing challenge for IT security professionals. Information security is not a matter of risk elimination. It is a matter of risk management. There will never be an unbreakable security system, but by knowing the potential risks, we can effectively manage them.

According to an FBI survey released January 19th, 2006, dealing with viruses, spyware, PC theft and other computer-related crimes costs U.S. businesses a staggering $67.2 billion a year. The FBI calculated this cost by extrapolating results from a survey of 2,066 organizations. The survey found that 1,324 respondents, or 64 percent, suffered some financial loss from computer security incidents over a 12-month period. The average cost per company was more than $24,000, with the total cost reaching $32 million for those surveyed.

By Benson Yeung, Senior Partner
