This is a multi-layered security plan. First, Assign people that are fully trained and/or provide the training that makes it possible to do the job. To prevent malicious software and etc. in the 7 domains of an IT infrastructure, you can isolate and install preventions for each domain. The domains are as follows: User Domain, Workstation Domain, LAN Domain, and LAN to WAN Domain, Remote Access Domain, WAN Domain, and the System/Application Domain.
The first part of the IT infrastructure is the User Domain. It is the weakest link in the IT infrastructure and this is where the users connect to the system. You can make the user aware to the risks and threats that they are susceptible to by holding an Awareness Training session. The system is password protected however; you should change passwords every few months to prevent an attack. Also, log the users as they enter and exit the system to make sure there’s no unauthorized access. While it’s the company’s choice to allow employees to bring in USB/Removable drives, you have a threat to someone obtaining the wrong information, or getting malicious software into the system. If you allow the USB/Removable drives, have a virus scan every time someone inserts one into a company computer.
In a Workstation Domain, you need to make sure virus protection is set up. You are protecting administrative, workstations, laptops, departmental workstations and servers, network and operating system software. You can enable password protection and auto screen lockout for inactive times, use workstation antivirus and malicious code policies, use content filtering and antivirus scanning at internet entry and exit, and update application software and security patches according to the policies and standards. You need to also make sure that the laptops are up to date on the anitivirus software.
The LAN domain will have all the protocols