Auditing IT Infrastructures for Compliance, 3rd Edition

Maximizing C-I-A

Identifying security controls to protect data can be confusing. As with other domains, one effective way to ensure you have the right controls in place is to review how well you are maximizing the C-I-A properties of data security. If you can demonstrate that your controls are addressing the needs for data confidentiality, integrity, and availability, you have addressed the basic needs for data security.

Access Controls

Access controls play an important part in the System/Application Domain. Earlier in this chapter, you learned how an attacker could compromise your web server and attempt to access System/Application Domain components directly. If an attacker is able to compromise a computer in your DMZ and exploit a vulnerability ...

Get Auditing IT Infrastructures for Compliance, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Auditing IT Infrastructures for Compliance, 3rd Edition by Robert Johnson, Marty Weiss, Michael G. Solomon

Maximizing C-I-A

Access Controls

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly