• Roles and tasks—The System/Application Domain consists of hardware, operating system software, applications, and data. This domain includes hardware and its logical design. An organization’s mission-critical applications and intellectual property assets are here. It must be secured both physically and logically.
We limited the scope of the System/Application Domain to reducing risks. These include the following:
• Physical access to computer rooms, data centers, and wiring closets—Set up procedures to allow staff to enter secured areas.
• Server architecture—Apply a converged server design that employs server blades and racks to combine their use and reduce costs.
• Server operating systems and core environments—Reduce the time operating system software is open to attack with software updates and patches.
• Virtualization servers—Keep physical and logical virtual environments separate and extend layered security solutions into the cloud. Virtualization allows you to load many operating systems and applications in memory using one physical server.
• System administration of application servers—Provide ongoing server and system administration for users.
• Data classification standard—Review data classification standards, procedures, and guidelines on proper handling of data. Maintain safety of private data while in transport and in storage.
• Software development life cycle (SDLC)—Apply secure software development life cycle tactics when designing and developing software.
• Testing and quality assurance—Apply sound software testing, penetration testing, and quality assurance to fill security gaps and software weaknesses.
• Storage, backup, and recovery procedures—Follow data storage, backup, and recovery plans as set by the data classification standard.
• Data archiving and retention—Align policies, standards, procedures, and guidelines to digital storage and retention needs.
• Business continuity plan (BCP)—Conduct a business impact analysis (BIA) and decide which computer uses are most important. Define RTOs for each system. Prepare a BCP focused on those things that are most important for the business to keep going.
• Disaster recovery plan (DRP)—Prepare a disaster recovery plan based on the BCP. Start DRP elements for the most important computer systems first. Organize a DRP team and remote data center.
• Responsibilities—The responsibility for System/Application Domain lies with the director of systems and applications and the director of software development. This includes the following:
• Server systems administration
• Database design and management
• Designing access rights to systems and applications
• Software development
• Software development project management
• Software coding
• Software testing
• Quality assurance
• Production support
• Accountability—The directors of systems and applications and software development are accountable for the organization’s production systems and uses. Typically, the director of IT security is accountable for ensuring that the System/Application Domain security policies, standards, procedures, and guidelines are in compliance.