Professional Documents
Culture Documents
Organizational Chart For IT Department
Organizational Chart For IT Department
Organizational Chart For IT Department
Organizational Chart
Joshua P. Abinal
BSIT 3A
IT Department of PSUB
Organizational Chart
Joshua Abinal
CIO/IT Department Head
Benedict Relles Johan Abinal Ben Tennison Ramon Cruz Rene Nazareth Christian Lee John Edwards
Technical Enterprise Cloud Networking Network Cloud Engineer Cyber Security App Developer
Support Architect Support Engineer
Risk Mitigation
• User can destroy data in application(intentionally or To mitigate threats and risks in this domain, the IT
not) and delete all department must establish and implement strong
• User can find that his girlfriend cheated on him and security controls and policies including robust password
use her password to delete all of her work so that she policies, 2FA (Two-Factor Authentication), acceptable
would be fired. use policy (AUP), access privilege management, conduct
• User can insert infected CD or USB flash drive into employee training and awareness program about
the work computer cybersecurity threats.
Workstation Domain
Risk Mitigation
The IT department should harden all computers that are
• The workstation’s OS can have a known software
used by its employees, and adopt the Defense in depth
vulnerability that allows a hacker to connect remotely
strategy. Hardening is a process whereby a computer is
and steal data.
made more resistant to cyber intrusion from malicious
• A workstation’s browser can have a software
attack. This should be made by implementing strong
vulnerability which allows unsigned scripts to silently
controls through software revisions, security patches,
install malicious software.
system configuration, and the use of anti-virus, anti-
• A workstation’s hard drive can fail causing lost data
malware, and workstation login ID/passwords.
LAN Domain
Risk Mitigation
Segmentation is a good practice where the network is
divided for different users (employees vs visitors). This
• A worm can spread through the LAN and infect all
will ensure that when outsiders connect with the
computers in it.
network do not infect the network with malware. In
• LAN server OS can have a known software
addition, the firewall should have egress filtering to limit
vulnerability.
users’ access to the Internet. The IT also needs to apply
• An unauthorized user can access the organization’s
Network Security Protocols to encrypt communication,
workstations in a LAN
and ensure data transported through network's
connections stays safe and secure.
LAN-to-WAN Domain
Risk Mitigation
In this complex domain, important security controls need to be applied. All security
appliances in this domain must be configured to comply with policy definitions
• A hacker can penetrate your IT infrastructure including the following: (1) IP routers which transport IP packets to and from the
internet need to be logically configured, and establishing access control list to filter
and gain access to your internal network. traffic (Permit or deny traffic); (2) Firewall to filter traffic; (3) Demilitarized zone
• Weak ingress/egress traffic filtering can degrade (LAN segment), which serves as a buffer zone for inbound and outbound traffic; (4)
Intrusion detection system examines traffic to identify attack and malicious intent
performance. and triggers an alarm once detects a threat; (5) Proxy server, which serves as a
• A firewall with unnecessary ports open can allow middleman where data is analyzed and screened before they relayed to the IT
infrastructure; (6) Web content filter, which filters domain names and prevent
access from the Internet unauthorized traffic from entering the IT infrastructure; (7) Email content filter,
which blocks the content of all emails until properly screened for viruses, then allow
clear emails pass to users.
WAN Domain
Risk Mitigation
In this domain, propping the LAN-to-WAN will
• Service provider can have a major network outage.
mitigate any risk comes from WAN. Using firewalls as
• Server can receive a DOS or DDOS attack.
mentioned before as well as conducting constant
• A FTP server can allow anonymously uploaded
penetration tests are very important to ensure that the
illegal software
domain is secured.
Remote Access Domain
Risk Mitigation
A virtual private network (VPN) is used to provide a secure
remote access connection across the Internet. VPN uses
• Communication circuit outage can deny connection. encryption and authentication to ensure confidentiality,
integrity, and privacy of communications through the network.
• Remote communication from office can be
VPN creates an encrypted communications tunnel over a
unsecured. public network such at the Internet. It is important that users
• VPN tunneling between remote computer and are authenticated before accessing the network through 2FA
ingress/egress router can be hacked (Two-Factor Authentication). Robust procedures need to be
created for remote access such as conducting regular audits,
monitoring logins attempts, and using strict firewall ACLs.
System and Application Domain
Risk Mitigation
It is important to maintain these systems and software
by regularly patching them, and installing
• A fire can destroy primary data antimalware/antivirus software to stop infections
• A DOS attack can cripple the organization’s email downloaded through email or from a compromised
• A database server can be attacked by SQL injection, website. Finally, user training and awareness are
corrupting the data essential to ensure that they recognize phishing and
social engineering schemes to prevent hackers from
penetrating the network through them.