This report focuses on the standard by addressing the three IT infrastructure domains that are affected by the “Internal Use Only’ data classification standard of Irishman Investments, where the communication of ATA does not leave the companies intranets and how each of the following IT Infrastructure domains: user, Workstation and LANA are affected by the standard. User domain is considered the weakest link in an IT infrastructure as employees can be motivated to violate company policies.
Areas of concern that can affect keeping data private, is: Lack of user awareness, because some users do not pay attention to what data is considered private and fail to secure data properly; Security policy violations, where some users continue to eave private data in the open where others can see it; Disgruntled employee purposely takes personal data to cause some sort of damage between the company and the customer; and Employee blackmail or extortion by threatening to distribute or sell the personal data in trying to obtain a promotion or monetary again.
Workstation domain consist of workstations (any electronic device that a user can connect to the companies IT infrastructure) to gain access to personal data using multiple resources. The areas affected by workstations, consist of: Unauthorized access because an employee did not lock their workstation, did not log off, or their user ID and password were compromised; A virus, malicious code or mallard infected the workstation from a user downloading non-business material from the internet; and a user violated the Acceptable User Policy (ALAS) by miss-using their authorized access to obtain personal data.
LANA domain is where any electronic device connects to one another using the company’s intranet (LANA Network), where resources can be shared. The affects caused by connecting o the LANA, consist of: Unauthorized access to LANA by not securing computer rooms, data centers and wiring closets where someone can obtain access to the company’s core systems and retrieve personal data; Rogue users scanning for WALL SAID broadcast allowing them to crack logon information to access the company systems; and Transmitting personal data via WALL connections can be compromised by someone from outside the company intercepting the transmissions.
Governed by laws to protect customer’s personal data, the company must have a strong security standard as part of he IT Security Policy Framework. Focusing on the data classification standard “Internal use Only”, the company needs to plan for any affects caused in the user, Workstation and LANA domains to prevent personal data loss or corruption.