Technical Security Controls, commonly known as IT Security controls, is an important component for protecting your IT infrastructure of your organization. The IT Infrastructure protection has to ensure the data security. This can be achieved at various layers.
Let us take the following approach. An external party looking at your IT Infrastructure, the first thing they could see is the network infrastructure.
So the first step is to protect you Network Perimeter. This can be achieved via implementing Firewalls, Intrusion Detection Systems, and Intrusion Prevention Systems etc. The next step is to protect the computers exposed to the internet, for that you have to identify which all systems requires access from out side network, that is Internet. Pull them into a separate network, called de-militarized zone, set access privileges so that the access is restricted. This sets your network perimeter comparatively protected.
Internal Network is another component which requires attention. Logically divide your network and restrict access using VLANs. Establish VPN so that secure encrypted communications takes place from external users and third parties. Deploy Internet Proxy to route your internal internet requests. If you have wireless networks, mandate VPN for your wireless security.
Servers, they are the next component in focus. Server.s store, process or transmit your data. It is important to secure the servers and the best method is to harden the servers. Stop all unwanted services and disable ports. Enable logging, and monitor all logs. In addition, install Host Intrusion Detection System and monitor. Patch management is another important protection mechanism. This will protect you from getting exploited from known OS vulnerabilities.
Other computers, desktops, as well deserve similar respect like Servers. Protect them by deploying effective patch management and vulnerability management.
To protect the both servers and desktops from virus and other malicious code, deploy antivirus in your computers. Update the virus definitions regularly; it is a good idea to subscribe to the antivirus service provider. Virus exploits vulnerabilities, so Vulnerability Management is a important practice to follow.
Authentication is another key factor for protecting the computers from unauthorized access. An effective Identity Management and Access Management system will help your organization to establish Single Sign-on. Single Sign-on will help you establish an effective User Management. Another good point about Single Sign-on is the fact that users will need to remember only one user name and password for accessing information across the applications. So, Single Sign-on will help your users from writing down the various user accounts and passwords.
Next focus is on your Application. An application can be separated into 3 parts namely the Application program, the Application Server and the Database. We have to protect all of them. Perform an application code review and application security assessment. Plug the vulnerabilities and harden your application. Establish access control list and define who can access what application module. Application Servers are mostly vendor provided softwares. Establish vulnerability management for your Application Server ensuring the vulnerabilities are plugged. This will protect your applications from getting hacked, to a certain extent.
Protect your Database or data from unauthorized access, modification or destruction. There are several mechanisms you can follow. Here is a list of some of them.
- Establish access control mechanism and define who can access what data.
- Encryption of data. Encrypt the information wherever possible.
- Backup you data regularly
This article briefs you about the IT Security requirements for an effective Information Security Management System. This does not mean that the information above is comprehensive and it might require you to have additional technical controls in place to protect your IT Infrastructure.