The Security Domain defines the roles, technologies, standards, and policies necessary to protect the information and technology assets of the State of Missouri and its citizens from denial of service, vandalism, theft, and any other form of unauthorized access. The Security Domain defines the security management principles that are applied to ensure the appropriate level of protection for the State's information technology assets.
Management Controls
Techniques and concerns, normally addressed by management, regarding the organization’s computer security strategy. They include the mitigation of risk within the organization.
Technology Areas
- Information Classification
- Personnel Security
- Security Risk Management
- Vulnerability Testing
Operational Controls
Procedures implemented and executed by people, as opposed to systems, to improve the security of a system or group of systems. They often require technical or specialized expertise and may rely upon management activities as well as technical controls.
Technology Areas
- Authentication
- Data Verification
- Event Monitoring/Analysis
- Fire/Safety Factors / Supporting Utilities
- Incident Response
- Message Authentication
- Password Policy Controls
- Penetration Testing
- Physical Access Control
- Portable System Controls (Physical Access)
- Security Awareness
- Security Education
- Security Skills Training / Certification
- Virus Detection & Elimination
Technical Controls
Security controls executed by computer systems, as opposed to people. The implementation of technical controls requires significant operational consideration and should be consistent with the management of security within the organization.
Technology Areas
- Access Controls
- Cryptography
- Date / Time Controls
- Entity Authentication
- Inactivity Controls
- Intrusion Detection Systems
- Log-on Banners
- Remote Access
- Secure Gateways / Firewalls
- SRC