1 / 19

Auditing IT Infrastructures for Compliance Chapter 12 Compliance Within the WAN Domain

Auditing IT Infrastructures for Compliance Chapter 12 Compliance Within the WAN Domain. Learning Objective. Use an appropriate framework to implement ISS compliance within the WAN Domain. Key Concepts. Compliance law requirements and business drivers for the WAN Domain

Download Presentation

Auditing IT Infrastructures for Compliance Chapter 12 Compliance Within the WAN Domain

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Auditing IT Infrastructures for Compliance Chapter 12 Compliance Within the WAN Domain

  2. Learning Objective • Use an appropriate framework to implement ISS compliance within the WAN Domain.

  3. Key Concepts • Compliance law requirements and business drivers for the WAN Domain • Devices and access controls for the WAN Domain and steps to maximize A-I-C • Policies, standards, procedures, and guidelines in the WAN Domain • Vulnerability management in the WAN Domain • Best practices for WAN Domain compliance requirements

  4. DISCOVER: CONCEPTS

  5. WAN Domain

  6. Business Drivers and Compliance • Availability of communications • Protecting data privacy • Secure data traveling across an untrusted network • Implementing proper security controls for the WAN Domain

  7. WAN Domain Access Control Lack of control for data traveling across a WAN.

  8. WAN Domain Access Control Protecting WAN traffic using encryption.

  9. Devices, Components, and Access Controls • WAN service provider • Dedicated lines/circuits • MPLS/VPN WAN or Metro Ethernet • WAN Layer 2/Layer 3 Switches • WAN Backup and Redundant Links

  10. DISCOVER: PROCESS

  11. A-I-C Triad

  12. Maximizing WAN Domain A-I-C • Requiring WAN service availability SLAs • Requiring WAN recovery and restoration SLAs • Requiring WAN traffic encryption/VPNs

  13. DISCOVER: CONTEXTS

  14. IT Security Framework for WAN Service Provider

  15. DISCOVER: RATIONALE

  16. Best Practices for WAN Domain Compliance • Map your proposed WAN architecture, including redundant and backup hardware and connections before establishing WAN service. • Update the network map any time you make physical changes to your network. • Establish multiple WAN connections to avoid any single point of failure. • Use load-balancing techniques on the multiple WAN connections to utilize the bandwidth of both connections.

  17. Best Practices for WAN Domain Compliance (Continued) • Develop a backup and recovery plan for each component in the WAN Domain. • Don’t forget to include configuration settings for network devices in your backup and recovery plans.

  18. Best Practices for WAN Domain Compliance (Continued) • Implement frequent update procedures for all operating systems, applications, and network-device software and firmware in the WAN Domain. • Monitor WAN traffic for performance and traffic for suspicious content.

  19. Summary • Business drivers for LAN-to-WAN and WAN Domains • Devices and access controls • IT-security framework • Vulnerability management • Best practices for LAN-to-WAN and WAN Domains

More Related