Policies for the seven domains of a typical IT infrastructure


User Domain – A clean desk policy is a typical User Domain policy. It ensures that confidential hard copies of data are not left in plain view on desks or in shared areas.

Workstation Domain – This domain would have an encryption policy. It would ensure that all PCs, laptops, and mobile devices are protected with full-disk encryption, so the organization’s data stays confidential even if a device is lost or stolen.

LAN Domain – Configuration Change Control policy. This policy would require documented, hardened baseline configurations for all devices on the Local Area Network (PCs, printers, routers, IDS, internal firewall, etc.) and the monitoring and tracking of any changes against those baselines. This would prevent unauthorized changes and stop vulnerabilities from creeping into the LAN domain.
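The "baseline plus change tracking" idea behind that policy is easy to show in code. The following is an added example, not part of the original page: it hashes every file in a configuration tree to build a baseline, stores that baseline as a JSON record, and then reports anything that has been added, removed, or modified since. The file names and contents (an sshd_config, a sysctl.conf, a dropped cron file) are constructed for the demonstration.

```python
# Added example: a minimal configuration-baseline checker for the LAN domain's
# change control policy. Not from the original page; the file names and
# contents used below are constructed for the demonstration.
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> str:
    """SHA-256 of a file's bytes: the unit of 'this is the approved version'."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its hash."""
    return {
        p.relative_to(root).as_posix(): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def check_drift(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the live tree against the documented baseline.

    Every entry in the result is an undocumented change that, under the
    policy, must either be approved and re-baselined or reverted.
    """
    current = build_baseline(root)
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Baseline a hardened config set, tamper with it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed "hardened" configuration files.
        (root / "sshd_config").write_text(
            "PermitRootLogin no\nPasswordAuthentication no\n"
        )
        (root / "sysctl.conf").write_text("net.ipv4.ip_forward = 0\n")

        # The approved baseline is serialized as JSON and reloaded, as a
        # change-control record kept in a protected store would be; the check
        # below relies on that record, not on in-memory state.
        record = json.dumps(build_baseline(root), indent=2)
        baseline = json.loads(record)

        # Simulated undocumented changes: root login re-enabled, a hardening
        # file deleted, and a cron job dropped in.
        (root / "sshd_config").write_text(
            "PermitRootLogin yes\nPasswordAuthentication no\n"
        )
        (root / "sysctl.conf").unlink()
        (root / "cron.d_backup").write_text("* * * * * root /tmp/x.sh\n")

        return check_drift(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run as a script it prints the three categories of drift; in practice the baseline record lives outside the monitored tree and the check runs on a schedule, with any non-empty result raised as a change-control ticket rather than silently re-baselined.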

LAN to WAN Domain – It would have a perimeter firewall policy. This policy would enforce the implementation and configuration of a perimeter firewall, as well as require that its logs be reviewed regularly.

WAN Domain – An Access Point policy would be important for this domain to root out the security concerns that arise when two or more LANs are connected over the WAN. It can address bandwidth, traffic segmentation, and address range issues.

Remote Access Domain – The VPN policy would be typical for this domain. It ensures that all remote connections pass through an authenticated, encrypted tunnel, maintaining the confidentiality and integrity of data in transit.

System/Application Domain – A Patch Management policy for this domain would ensure timely patching of the operating systems, server software, and applications that run in it (end-user machines themselves fall under the Workstation Domain), closing known vulnerabilities before they can be exploited.