Security Domains

Security Domains as defined by Industry Standards. Our Expertise relies on our Methodology.

What Are Security Domains?

Security Domains are divisions within Information Technology that provide a reasonable approach to classifying the different functions that make up the IT environment. Each Security Domain has a unique set of security requirements. The security domains are based on standards developed by the National Institute of Standards and Technology (NIST). Security standards and best practices are the key to comparing your data environment’s security posture.

Access Control Security

Access control is a concept that revolves around who can get to what information and what they can do with that information.

  • Categories and Controls
  • Control Threats and Measures
Application Security
  • Software Based Controls
Business Continuity and Disaster Recovery Planning
  • Response and Recovery Plans
  • Restoration Activities
Information Security and Risk Management
  • Policies, Standards, Guidelines and Procedures
  • Risk Management Tools and Practices
  • Planning and Organization
Legal, Regulations, Compliance and Investigations
  • Major Legal Systems
  • Common and Civil Law
  • Regulations, Laws and Information Security
Security Architecture and Design
  • Principles and Benefits
  • Trusted Systems and Computing Base
  • System and Enterprise Architecture
Service Provider Oversight Control

We will evaluate your controls over outsourcing arrangements, ensuring that such arrangements provide an effective means to support the institution’s technology needs while retaining your responsibility for managing risk. We will evaluate:

  • Due diligence
  • Control and Security SLAs
Business Goals and Network Security Domain
Software Development Life Cycle and Principles

A software development life cycle divides software development work into distinct phases (or stages) containing activities, with the intent of better planning and management. It is often considered a subset of the systems development life cycle. The methodology may include the pre-definition of specific deliverables and artifacts that are created and completed by a project team to develop or maintain an application.

Topgallant Partners assists organizations by evaluating the current software development process for security risks.

Cryptography Security Domain
  • Basic Concepts and Algorithms
  • Signatures and Certification
Operational Security Domain
  • Media, Backups and Change Control Management
  • Controls Categories
Physical (Environmental) Security
  • Layered Physical Defense and Entry Points
  • Site Location Principles
Logging and Data Collection Control

We will assess whether reasonable steps are taken to ensure that sufficient data is collected from secure log files to identify and respond to security incidents and to monitor and enforce policy compliance. This control area is critical for an effective response program.

Telecommunications and Network Security
Network Security Concepts and Risks Security