Auditing IT Infrastructures for Compliance Chapter 10 Compliance Within the LAN Domain

1. Auditing IT Infrastructures for Compliance Chapter 10 Compliance Within theLAN Domain

2. Learning Objective • Describe information security systems compliance requirements within the LAN Domain.

3. Key Concepts • Compliance law requirements and business drivers for the LAN Domain • The steps to maximize availability, integrity, and confidentiality (A-I-C) for the LAN Domain • LAN Domain policies, standards, procedures, and guidelines • Vulnerability management in the LAN Domain • Best practices for LAN Domain compliance requirements

4. DISCOVER: CONCEPTS

5. LAN Domain

6. Compliance Laws and Business Drivers • Many organizations require a networking infrastructure with servers to accomplish business tasks • Compliance satisfies two main purposes: • Protects privacy • Ensures proper LAN security controls

7. LAN Domain Controls • Access controls • Communication controls • Anti-malware software • Recovery plans • Configuration change procedures • Monitoring tools • Software patch management

8. LAN Domain Devices

9. LAN Domain Devices

10. DISCOVER: PROCESS

11. A-I-C Triad

12. Maximizing LAN Domain A-I-C

13. DISCOVER: ROLES

14. Vulnerability Management

15. DISCOVER: CONTEXTS

16. Policies, Standards, Procedures, and Guidelines • LAN Domain controls that must satisfy policies: • Preventive • Detective • Corrective

17. Summary • LAN Domain compliance requirements and business drivers • LAN Domain devices and controls • Process to maximize availability, integrity, and confidentiality • The role of vulnerability management in the LAN Domain