The first thing to understand is what the standard for “internal use only” is. The definition of “internal use only” is “Information or data shared internally by an organization. While confidential information or data may not be included, communications are not intended to leave the organization.” What does that mean? It means that information being used by this classification is to be created, used, and distributed through the organization and nowhere else.
Let’s now explain the technical side of things. The IT infrastructure domains consist of 7 different domains. These domains are user domain, workstation domain, LAN domain, LAN-to WAN domain, remote access domain, system/application domain, and WAN domain. For the use of “Internal use only” classification it should only include the following domains. The following contains information on how “internal use only” classification is affected by these domains.
User domain- The user domain is by far the most vulnerable. This domain can be vulnerable by the employee’s actions, emotions, and awareness of company policies and procedures. It is up to the user to use the information correctly not necessarily up to the network protocols in place. The best way to mitigate this issue it to monitor abnormal behavior and have employees understand the company’s acceptable use policy.
Workstation domain- The workstation domain is how the user connect to the company’s IT infrastructure. It can be from workstations to personal data assistance devices. The desktop support group are the one responsible to maintaining this domain. They are the one insuring that the integrity of the users fall under the company’s acceptable use policy while the IT security personnel sets user access rights for the information.
LAN domain- The LAN domain is how the communication between users exist both physically and logically within the IT