Security Basics mailing list archives

Re: securing access to workgroup for notebooks


From: Davide <ak_71 () libero it>
Date: 24 Nov 2004 15:36:51 -0000

In-Reply-To: <41A043F9000277DF () vsmtp2alice tin it (added by postmaster () aliceposta it)>

Thank you, Alessandro, for your answer.
Risk assessment is performed by an external resource (consultant). I'm part of the internal tech staff that should interact with the consultant during the analysis.
Moreover, we like "to hear from more than one bell" (Italian adage, do not know if any English equivalent exists for this...). Motivations are:
1. knowing what's going on (I got this job a few weeks ago, and I found real anarchy in the IT department...) and what risks we are exposed to;
2. legal: you got the point: Italian law brings us to this, and I DO want this not to be only a legal hassle, but the chance to reorganize procedures and kick out any bad practice.

The first of such that I did notice is that there are quite a lot of people (mostly interns, as I said) coming into the office, plugging their notebooks into the corporate net (modifying IPs by hand and so on) and getting access.

But this is only the first thing...
There's no defined way to organize, on the server, access to folders (anything is public...) and so on.
So can you please help me? Can you, for example, point me to some docs explaining how we should organize procedures and so on?

thanks
davide



First of all: what's the goal of the Risk Assessment? Technical? 
For budgeting purposes? For legal compliance (like, since we are 
both in Italy, the New Privacy Code)? The purpose will drive the 
[...]
Cheers,

-- 
Alessandro Bottonelli, CISSP & BS7799 Lead Auditor
AXIS-NET Privacy & InfoSec Consulting
http://www.axis-net.it


