Re: Remote Control

[Adrian DuPre <adrian.dupre () gmail com>]

   Without sending you the acutal policy, here goes--  I work in the
medical device industry (FDA/ISO controlled), and we use electronic
signatures.  Since you never know what potentially confidential
information is on a users' screen when you  initiate a remote control
session (i.e. purchasing, quality records, HR data), our remote
control policy includes the following:
1.  Permission must be granted by the user before initiating a session
2.  The method of permission, and the date/time of the remote control
session as well as who initiated the session and what work was
performed are logged in our help desk software (CYA measure)
3.  Upon finishing remote work, IT staff must close all applications
opened during the session.
4.  Any exceptions require approval of IT management, and are
documented and logged.

In our case, it would be nice if we could configure the remote control
software (LanDesk) would create the access record automatically,
allowing the "controller" to only input permission granted and work
performed.

Hope that helps!

-Adrian DuPre'


-----Original Message-----
From: Furutani, Curtis Y Mr TAMC [mailto:Curtis.Furutani () us army mil]
Sent: Tuesday, September 28, 2004 6:10 PM
To: security-basics () securityfocus com
Subject: Remote Control

Anyone have sample policies for remote control of end users desktops? 
Do you require some type of acknowledgement or approval to remotely
administer or assist?