Auditing the System/Application Domain for Compliance
Submitted By jepps Words 485 Pages 2
The System/Application Domain involves servers that host server-level applications. Mail servers handle the receipt and sending of e-mail. Database servers host databases that are accessed by users, applications, or other servers. DNS servers resolve names to IP addresses for clients. To protect this domain, the following methods should be used: removing unnecessary services and protocols, changing default passwords, applying patches and updates regularly, and enabling local firewalls. The major threats to these areas are unauthorized access, hardware failure, and data loss. Since the System/Application Domain consists of all of a business’s mission-critical systems, applications, and data, it is important to ensure that this domain is secure at all times. Failure to do so will put large amounts of sensitive information at risk and carries the threat of production ceasing to function.

Unauthorized physical access is gaining access to a physical entity without permission. This is potentially dangerous because an individual who gained such access could destroy the systems and the data within them. This threat is centered on access to places such as data centers that hold a great deal of sensitive information. To prevent unauthorized physical access, policies, standards, procedures, and guidelines must be followed. For example, all guests must be escorted by an employee at all times. Staff should immediately report any suspicious activity and question persons who do not have an employee ID or badge visible.

A software vulnerability is a flaw, introduced in the creation stage of software or systems, that allows an attacker to gain unauthorized access to the system. These vulnerabilities are most commonly exploited by malicious software such as malware. Software vulnerabilities can allow an attacker to steal, alter, or destroy sensitive data. Ensuring that security updates are