Security Basics mailing list archives
Re: sesecuring access to workgroup for notebooks
From: Davide <ak_71 () libero it>
Date: 24 Nov 2004 15:36:51 -0000
In-Reply-To: <41A043F9000277DF () vsmtp2alice tin it (added by postmaster () aliceposta it)> thank you alessandro for your answer. Risk assessment is performed by an external resource (consultant). I'm part of internal tech staff that should interact with the consultant during analisys. Moreover we like "to hear from more than one bell" (italian adagio, do not know if any english exists for this...). Motivations are: 1. knowing what's going on (I got this job a few weeks ago, and I found a very anarchy in the IT department...) and what risks we are exposed; 2. legal: you got the point: italian law brings us to this, and I DO want this not be only a legal hassle, but the chance to reorganize procedures kick off any bad practice. The first of such I did notice is that there is quite a lot of people (mostly interns as I said) coming in the office, plugging his/her notebook to the corporate net (modifing by hand IPs and so on) and getting access. but this only the first thing... There's no defined way to organize, on the server, access to folders (anything is public...) and so on. So can you please helpme? can you, for example, point me to some docs explainig how we should organize procedures and so on? thanks davide
First of all: what's the goal of the Risk Assessment? Technical? For budgeting purposes? For legal compliance (like, since we are both in Italy, the New Privacy Code)? The purpose will drive the
[...]
Cheers, -- Alessandro Bottonelli, CISSP & BS7799 Lead Auditor AXIS-NET Privacy & InfoSec Consulting http.//www.axis-net.it
Current thread:
- sesecuring access to workgroup for notebooks Davide (Nov 22)
- Re: sesecuring access to workgroup for notebooks Alessandro Bottonelli (Nov 23)
- <Possible follow-ups>
- Re: sesecuring access to workgroup for notebooks Davide (Nov 26)