Why the seven domains of a typical IT infrastructure help organizations align to separation of duties

The seven domains of a typical IT infrastructure are:

  • user domain
  • workstation domain
  • LAN domain
  • LAN to WAN domain
  • WAN domain
  • remote access domain
  • systems/application domain

To a large extent, most of the domains can be said to have their own particular processes, functions, and tasks. However, areas of overlap exist and need to be addressed and clear decisions made on their ownership.

When duties are separated by using the seven domains as a base, it helps give clarity of job junctions, transparency on task ownership, distributes controls, and aids in the implementation of secure IT controls.

For instance, if the workstation IT staff installs and maintains end-point protection on all the desktop clients, the centralized control and log collection of all the clients will be handled by the IT staff in the LAN domain.

So if a malicious workstation IT staff member wrongly configures the CFO’s laptop to allow malware, the LAN analyst who handles the centralized aggregation of endpoint protection logs will be able to detect the misconfiguration and raise an alert.