In today’s interconnected world, securing the application, operating system (OS), and database (DB) layers isn’t just prudent—it’s essential.
In the previous blog we covered the basics of ITGC and its core controls. Now let us look at the critical connections between ITGC controls at the operating system, application, and database layers.
Let us take a closer look at these controls across:
- Application Layer
- OS Layer (Operating System)
- DB Layer (Database)
Overview of the Controls in the Layers
| Layer | Key Security Controls |
|---|---|
| Application | Logical Access Management, Change Management, Patch Management, Email Security, Logging and Monitoring (SIEM), Incident and Problem Management (ITIL) |
| Operating System | Physical Access Management, Physical and Environmental Controls, Backup Management, Network Security, Endpoint Security (Antivirus, DLP), Asset Management |
| Database | Logical Access Management, Change Management, Backup Management, Vendor and Third-Party Risk Management, Business Continuity Plan and Disaster Recovery, Capacity Utilization and Planning |
Application Layer
Logical Access Management : Implement RBAC (Role-Based Access Control) so that access to application functions and data is restricted according to each user's role and responsibilities. Segregate duties within the application so that no single user can carry out a sensitive process end to end (for example, creating a vendor and approving payment to it); this prevents conflicts of interest and reduces the risk of fraud.
Learn about RBAC implementation and benefits from resources like TechTarget's RBAC guide.
Change Management : Establish a formal change management process for applications so that every change is tracked and authorized. Changes must be tested and approved before release to preserve application integrity and functionality.
Patch Management : Apply patches and updates to application software promptly to close security vulnerabilities and fix bugs, and test each patch in a controlled environment first to minimize disruption to application operations.
Email Security : Implement email security controls to protect against phishing, malicious attachments, and unauthorized access to email accounts. Sender authentication relies on three DNS-published standards: SPF (which hosts may send mail for the domain), DKIM (a signature over the message, verified with a public key published in DNS), and DMARC (what receivers should do when SPF/DKIM alignment fails, and where to send reports).
Logging and Monitoring (SIEM) : Implement logging within applications to capture events related to user activity, system operations, and security incidents, and forward them to a SIEM (Security Information and Event Management) platform for centralized monitoring, correlation, and analysis.
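As an added example (not part of the original post), the following Python script performs the kind of static review an ITGC walkthrough of email security would include: it parses an SPF record and a DMARC record and reports weak settings. The two records are constructed for illustration, and the script works offline; it counts only the DNS-lookup terms visible in the one SPF record, so `include:` chains would need a resolver to follow.

```python
"""Static checks on SPF and DMARC TXT records, as an ITGC-style configuration review.

Added example; not from the original post. The records below are constructed
for illustration, and the checks are offline (no DNS queries): the SPF lookup
count covers only the terms visible in this one record, not records pulled in
via include:/redirect=.
"""
import re

# Constructed sample records (not any real domain's policy).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net mx a ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.net; pct=50"

# SPF mechanisms/modifiers that cost a DNS lookup (RFC 7208 allows at most 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record: str) -> dict:
    """Return the qualifier of the terminal 'all' term and the number of lookup terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        qualifier, body = "+", term
        if body[0] in "+-~?":
            qualifier, body = body[0], body[1:]
        # Mechanism name is everything before the first ':', '/' or '='.
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name == "all":
            all_qualifier = qualifier
        elif name in LOOKUP_TERMS:
            lookups += 1
    return {"all": all_qualifier, "lookups": lookups}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value;' pairs into a dict, lower-casing tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def review(spf_record: str, dmarc_record: str) -> list:
    """Return a list of findings; an empty list means the visible settings look sound."""
    findings = []
    spf = parse_spf(spf_record)
    if spf["all"] is None:
        findings.append("SPF: no terminal 'all' term; unlisted senders evaluate to neutral")
    elif spf["all"] in ("+", "?"):
        findings.append(f"SPF: '{spf['all']}all' lets any host pass or be neutral; use -all or ~all")
    elif spf["all"] == "~":
        findings.append("SPF: '~all' softfail only; move to '-all' once DMARC reports show no gaps")
    if spf["lookups"] > 10:
        findings.append(f"SPF: {spf['lookups']} lookup terms exceed the 10-lookup limit (permerror)")

    dmarc = parse_dmarc(dmarc_record)
    policy = dmarc.get("p", "")
    if policy != "reject":
        findings.append(f"DMARC: p={policy or '<missing>'}; spoofed mail is not rejected until p=reject")
    if "rua" not in dmarc:
        findings.append("DMARC: no rua= address, so aggregate reports are not collected")
    pct = int(dmarc.get("pct", "100"))
    if pct < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail stream")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_SPF, SAMPLE_DMARC):
        print(finding)
```

Run it against the two constructed records and it reports three findings (softfail-only SPF, `p=none`, partial `pct`); feed it a record pair with `-all` and `p=reject` plus an `rua` address and the list is empty.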
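An added example, not from the original post: an application audit logger that emits one JSON object per line (the shape a SIEM ingests without custom parsers) and a simple correlation rule of the kind a SIEM would run over those events, flagging repeated login failures for one user from one source address. The events, the field names and the 5-failures-in-60-seconds threshold are constructed assumptions, not a standard.

```python
"""Application audit logging in a SIEM-friendly shape, with one detection rule run over it.

Added example, not from the original post. The events are constructed in-line; the
field names (event, user, src_ip, outcome) and the 5-failures-in-60-seconds threshold
are assumptions chosen for illustration.
"""
import json
import logging
from collections import defaultdict, deque
from datetime import datetime, timezone
from typing import Iterable


class JsonFormatter(logging.Formatter):
    """Emit one JSON object per line so a SIEM can parse fields without regexes."""

    def format(self, record: logging.LogRecord) -> str:
        event = {
            "ts": datetime.fromtimestamp(record.created, tz=timezone.utc).isoformat(),
            "level": record.levelname,
            "logger": record.name,
            "msg": record.getMessage(),
        }
        # Structured fields arrive via logger.info(..., extra={"fields": {...}});
        # an event that carries its own "ts" overrides the emit time.
        event.update(getattr(record, "fields", {}))
        return json.dumps(event, sort_keys=True)


def build_audit_logger(stream) -> logging.Logger:
    logger = logging.getLogger("app.audit")
    logger.handlers.clear()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger


def format_event(fields: dict, msg: str = "auth event") -> dict:
    """Format one event through JsonFormatter and parse it back (handy for pipeline tests)."""
    record = logging.LogRecord("app.audit", logging.INFO, "app.py", 0, msg, None, None)
    record.fields = fields
    return json.loads(JsonFormatter().format(record))


def detect_bruteforce(events: Iterable[dict], threshold: int = 5, window_s: int = 60) -> list:
    """Flag (user, src_ip) pairs with >= threshold login failures inside a sliding window.

    Events must carry 'ts' (ISO-8601), 'event', 'user', 'src_ip' and 'outcome'.
    """
    failures = defaultdict(deque)  # (user, src_ip) -> timestamps of recent failures
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("event") != "login" or ev.get("outcome") != "failure":
            continue
        key = (ev["user"], ev["src_ip"])
        ts = datetime.fromisoformat(ev["ts"])
        q = failures[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)  # one alert per pair, not one per extra failure
            alerts.append({"user": key[0], "src_ip": key[1], "failures": len(q), "last": ev["ts"]})
    return alerts


# Constructed sample: six failures from one IP in 50 s, then a success; one stray failure elsewhere.
SAMPLE_EVENTS = [
    {"ts": f"2024-05-01T10:00:{s:02d}+00:00", "event": "login", "user": "alice",
     "src_ip": "203.0.113.7", "outcome": "failure"} for s in range(0, 60, 10)
] + [
    {"ts": "2024-05-01T10:01:05+00:00", "event": "login", "user": "alice",
     "src_ip": "203.0.113.7", "outcome": "success"},
    {"ts": "2024-05-01T10:00:15+00:00", "event": "login", "user": "bob",
     "src_ip": "198.51.100.2", "outcome": "failure"},
]

if __name__ == "__main__":
    import sys
    audit = build_audit_logger(sys.stdout)
    for ev in SAMPLE_EVENTS:
        audit.info("auth event", extra={"fields": ev})
    print(detect_bruteforce(SAMPLE_EVENTS))
```

The rule fires once for alice from 203.0.113.7 at the fifth failure and stays quiet for bob's single failure; the later successful login from the same address is exactly the follow-up an analyst would want to see in the same log stream.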
Incident and Problem Management (ITIL) : Follow ITIL processes to handle incidents and problems affecting applications. Keep incident records, perform root-cause analysis, and take corrective action to prevent recurrence.
Explore ITIL's incident management processes through resources such as the AXELOS ITIL guides.
Operating System Layer
Physical Access Management : Implement physical security controls such as access cards, biometric authentication, and surveillance cameras to prevent unauthorized access to servers and workstations.
Physical and Environmental Controls : Ensure servers and data centres have physical security controls such as secure facilities, temperature monitoring, fire suppression systems, and backup power supplies.
Backup Management : Regularly back up OS configurations, system files, and critical data to prevent data loss, and periodically test restoration procedures so that recovery is reliable and quick in case of failure.
Backup Management Best Practices:
Guidelines for implementing effective backup strategies can be found on Backblaze's blog.
Network Security : Configure firewalls, IDS/IPS, and VPNs to protect the OS layer from unauthorized network access and attacks, and continuously monitor network traffic for signs of compromise.
Endpoint Security (Antivirus, DLP) : Install antivirus and DLP solutions on endpoints to protect against malware, unauthorized data transfers, and other security threats.
Asset Management : Maintain an inventory of OS licenses, software versions, and hardware configurations, and track assets to ensure compliance with licensing agreements and to optimize resource allocation.
Database Layer
Logical Access Management : Implement access controls within databases to restrict users' access to sensitive data based on their roles and responsibilities. Separate the duties of database administrators (DBAs) and application developers so that neither role alone can gain unauthorized access to production data.
Change Management : Develop and test changes to database schemas, stored procedures, and SQL queries in a development environment before deploying them to production.
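Added example for both the Application and Database "Logical Access Management" items above (not code from the original post): a small RBAC model in which application permissions and database privileges sit in one permission set, with a segregation-of-duties matrix that blocks conflicting role assignments, including the developer/production-DBA combination this section warns about. Role names, permissions and conflict pairs are constructed for illustration; a real matrix comes from the organisation's SoD policy.

```python
"""Role-based access with segregation-of-duties (SoD) checks across application and database roles.

Added example, not from the original post. Roles, permissions and the conflict pairs are
constructed for illustration; a real matrix comes from the organisation's SoD policy.
"""
from itertools import combinations

# Constructed role -> permission mapping. Application permissions and database privileges
# share one namespace so that cross-layer conflicts (developer who is also prod DBA) are caught.
ROLES = {
    "ap_clerk":    {"vendor:create", "invoice:enter"},
    "ap_approver": {"invoice:approve", "payment:release"},
    "developer":   {"code:commit", "db:dev_schema_change"},
    "prod_dba":    {"db:prod_schema_change", "db:prod_read_pii"},
    "auditor":     {"invoice:read", "db:prod_read_pii"},
}

# Constructed SoD matrix: pairs of permissions one person must never hold together.
SOD_CONFLICTS = {
    frozenset({"vendor:create", "payment:release"}),      # create a vendor and pay it
    frozenset({"invoice:enter", "invoice:approve"}),      # enter and approve the same invoice
    frozenset({"code:commit", "db:prod_schema_change"}),  # write code and push schema to prod
}


def effective_permissions(roles):
    """Union of the permissions granted by a user's roles; unknown roles are an error, not empty."""
    perms = set()
    for r in roles:
        if r not in ROLES:
            raise KeyError(f"unknown role {r!r}")
        perms |= ROLES[r]
    return perms


def sod_violations(roles):
    """Return the conflicting permission pairs a role set would grant, sorted for stable output."""
    perms = effective_permissions(roles)
    hits = [pair for pair in SOD_CONFLICTS if pair <= perms]
    return sorted(tuple(sorted(p)) for p in hits)


def assign_role(user_roles, new_role):
    """Add new_role only if the resulting role set has no SoD violation; return the new set."""
    candidate = set(user_roles) | {new_role}
    violations = sod_violations(candidate)
    if violations:
        raise PermissionError(f"SoD violation adding {new_role!r}: {violations}")
    return candidate


def is_allowed(roles, permission):
    """Deny-by-default authorization check: True only if some held role grants the permission."""
    return permission in effective_permissions(roles)


def conflicting_role_pairs():
    """Role pairs that can never be co-assigned under the current matrix (input for access reviews)."""
    return [(a, b) for a, b in combinations(sorted(ROLES), 2) if sod_violations({a, b})]


if __name__ == "__main__":
    print(sod_violations({"ap_clerk", "ap_approver"}))
    print(conflicting_role_pairs())
    try:
        assign_role({"developer"}, "prod_dba")
    except PermissionError as e:
        print(e)
```

Checking conflicts on the effective permission set rather than on role names is what makes the matrix survive role changes: if a new role is later given `db:prod_schema_change`, it is automatically incompatible with `developer` without anyone editing the conflict list.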
Backup Management : Perform regular database backups to protect against data loss. Store backups securely, and test them for reliability and integrity by actually restoring them.
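Added example covering the OS and Database "Backup Management" items above (not code from the original post): a Python script that takes a consistent backup of a SQLite database, records its SHA-256, then performs the restore test an auditor asks for (checksum, `PRAGMA integrity_check`, and a content comparison against the source) and shows that a single flipped byte in the stored backup is caught by the checksum. SQLite is used so the example runs offline; the sample table is constructed, and the same three steps apply to any database engine.

```python
"""Back up a SQLite database, record a checksum, and prove the backup restores cleanly.

Added example, not from the original post. SQLite is used so it runs offline; the three
steps (consistent snapshot, checksum kept apart from the backup, test restore into a
scratch instance) are the ones to reproduce on any engine.
"""
import hashlib
import sqlite3
import tempfile
from pathlib import Path


def make_sample_db(path: Path, rows: int = 100) -> None:
    """Constructed sample data: an accounts table with deterministic contents."""
    conn = sqlite3.connect(path)
    with conn:
        conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
        conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                         [(i, f"user{i}", i * 10) for i in range(1, rows + 1)])
    conn.close()


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_database(src: Path, dest: Path) -> str:
    """Take a consistent online copy via the SQLite backup API and return its SHA-256.

    Copying the file with cp while writers are active can capture a torn page; the
    backup API snapshots at transaction granularity instead.
    """
    s, d = sqlite3.connect(src), sqlite3.connect(dest)
    try:
        s.backup(d)
    finally:
        s.close()
        d.close()
    return sha256_file(dest)


def content_fingerprint(conn: sqlite3.Connection) -> str:
    """Hash the ordered contents of every user table so source and restore can be compared."""
    h = hashlib.sha256()
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    for t in tables:
        h.update(t.encode())
        for row in conn.execute(f'SELECT * FROM "{t}" ORDER BY rowid'):
            h.update(repr(row).encode())
    return h.hexdigest()


def verify_restore(backup: Path, expected_sha256: str, source: Path) -> dict:
    """The restore test an auditor asks for: checksum, integrity check, and content match."""
    result = {"checksum_ok": sha256_file(backup) == expected_sha256}
    restored = sqlite3.connect(":memory:")  # scratch instance; never restore over the source
    b = sqlite3.connect(backup)
    b.backup(restored)
    b.close()
    result["integrity_ok"] = restored.execute("PRAGMA integrity_check").fetchone()[0] == "ok"
    s = sqlite3.connect(source)
    result["content_match"] = content_fingerprint(s) == content_fingerprint(restored)
    s.close()
    result["rows"] = restored.execute("SELECT COUNT(*) FROM accounts").fetchone()[0]
    restored.close()
    return result


def run_demo() -> dict:
    """End to end: create sample DB, back it up, verify the restore, and detect a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak, bad = Path(tmp, "prod.db"), Path(tmp, "prod.bak"), Path(tmp, "tampered.bak")
        make_sample_db(src)
        digest = backup_database(src, bak)
        good = verify_restore(bak, digest, src)
        # Simulate bit-rot or tampering in the stored backup: flip one byte, checksum must fail.
        data = bytearray(bak.read_bytes())
        data[-1] ^= 0xFF
        bad.write_bytes(data)
        return {"good": good, "tampered_checksum_ok": sha256_file(bad) == digest}


if __name__ == "__main__":
    print(run_demo())
```

The checksum has to be stored somewhere the backup cannot silently change it (a separate catalogue, a signed manifest, or at minimum a different storage account); a digest kept next to the file it describes proves nothing if an attacker can rewrite both.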
Disaster Recovery Planning
Guidance on disaster recovery planning is available from IBM's disaster recovery resources.
Vendor and Third-Party Risk Management: Assess security risks associated with third-party database vendors and service providers. Review contracts and service level agreements (SLAs) to ensure compliance with security requirements.
Business Continuity Plan and Disaster Recovery : Create and test procedures for data restoration and database recovery in the event of a disaster, so that business continuity is maintained with minimal downtime and data loss.
Capacity Utilization and Planning : Monitor database performance metrics, including CPU utilization, memory usage, and storage capacity, and plan for scalability and resource allocation to accommodate growing data needs.
Database Security Best Practices
Learn about securing databases from Oracle's database security guide.
Each layer of IT infrastructure (Application, OS, DB) requires tailored controls and management practices to mitigate risks effectively, ensure regulatory compliance, and maintain operational resilience.
Audits play a crucial role in verifying the implementation of these controls and assessing the overall security posture of the organization. By adhering to best practices and leveraging comprehensive security frameworks like NIST, ISO, or CIS, organizations can enhance their ability to protect sensitive data, respond to incidents, and sustain business continuity.