Auditing IT Infrastructures for Compliance, 3rd Edition
by Robert Johnson, Marty Weiss, Michael G. Solomon
Maximizing C-I-A
Identifying security controls to protect data can be confusing. As with other domains, one effective way to ensure you have the right controls in place is to review how well you are maximizing the C-I-A properties of data security. If you can demonstrate that your controls are addressing the needs for data confidentiality, integrity, and availability, you have addressed the basic needs for data security.
Access Controls
Access controls play an important part in the System/Application Domain. Earlier in this chapter, you learned how an attacker could compromise your web server and attempt to access System/Application Domain components directly. If an attacker is able to compromise a computer in your DMZ and exploit a vulnerability ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access