RSD Policies
Last response: in Business Computing
If there's one thing that the recent WikiLeaks scandal can teach the IT Pro community it's that security policies concerning removable storage devices (RSD's) shouldn't be taken for granted.
Aside from never using an unknown RSDs on company computers, what kinds of policies do you have in place at your company to prevent information security breaches?
Aside from never using an unknown RSDs on company computers, what kinds of policies do you have in place at your company to prevent information security breaches?
More about : rsd policies
Well, my company (Hospital) doesn't have very many security policies in that regard, but if I were network admin, the following policies would immediately go into effect:
1.) No RSDs. Period. Ever. At all.
2.) Limited, privileged and monitored FTP access
3.) Privacy screens for all nurses' stations and other publically viewable workstations. You would be surprised how many mobile workstations we have sitting around on the floor with pt information pulled up
4.) 30 second workstation lockouts for mobile workstations (since we use RFID tap badges for authentication this would not be a huge inconvenience)
1.) No RSDs. Period. Ever. At all.
2.) Limited, privileged and monitored FTP access
3.) Privacy screens for all nurses' stations and other publically viewable workstations. You would be surprised how many mobile workstations we have sitting around on the floor with pt information pulled up
4.) 30 second workstation lockouts for mobile workstations (since we use RFID tap badges for authentication this would not be a huge inconvenience)
Being in the healthcare area and following up on Teddy's comments:
1) Limiting RSDs is difficult and the requirements to do so are relatively new. If you have Win2k8 and Win7, this is much easier. I've seen people try to block RSDs and end up disabling keyboards and mice.![:)]( ":)")
2) PKI Infratructure.
3) Privacy screens in place. Check.
4) More than a "best attempt" aspect when dealing with things like HIPPA. Stronger guidelines need to be in place. Otherwise it is really just a facade on what is really going on.
5) Disk encryption, either endpoint or bitlocker.
The old saying is that a lock door keeps a person honest. A lock won't keep a dishonest person out.
For example, MFPs store a lot of patient data on them and very few places lock down the local hard drive and/or do encryption. On top of that, remove burners from all PCs and have the devices monitored and/or loaned out to select individuals. The cost is cheap to have all PCs with burners in them, but not the route to go.
last one: Don't use MACs in a secure environment.![:)]( ":)")
1) Limiting RSDs is difficult and the requirements to do so are relatively new. If you have Win2k8 and Win7, this is much easier. I've seen people try to block RSDs and end up disabling keyboards and mice.
2) PKI Infratructure.
3) Privacy screens in place. Check.
4) More than a "best attempt" aspect when dealing with things like HIPPA. Stronger guidelines need to be in place. Otherwise it is really just a facade on what is really going on.
5) Disk encryption, either endpoint or bitlocker.
The old saying is that a lock door keeps a person honest. A lock won't keep a dishonest person out.
For example, MFPs store a lot of patient data on them and very few places lock down the local hard drive and/or do encryption. On top of that, remove burners from all PCs and have the devices monitored and/or loaned out to select individuals. The cost is cheap to have all PCs with burners in them, but not the route to go.
last one: Don't use MACs in a secure environment.
riser said:
Being in the healthcare area and following up on Teddy's comments:1) Limiting RSDs is difficult and the requirements to do so are relatively new. If you have Win2k8 and Win7, this is much easier. I've seen people try to block RSDs and end up disabling keyboards and mice.
2) PKI Infratructure.
3) Privacy screens in place. Check.
4) More than a "best attempt" aspect when dealing with things like HIPPA. Stronger guidelines need to be in place. Otherwise it is really just a facade on what is really going on.
5) Disk encryption, either endpoint or bitlocker.
The old saying is that a lock door keeps a person honest. A lock won't keep a dishonest person out.
For example, MFPs store a lot of patient data on them and very few places lock down the local hard drive and/or do encryption. On top of that, remove burners from all PCs and have the devices monitored and/or loaned out to select individuals. The cost is cheap to have all PCs with burners in them, but not the route to go.
last one: Don't use MACs in a secure environment.
I really like the full disk encryption suggestion. I'll have to keep that in mind once I reach director of network engineering
Related ressources:
- ForumCompatability Pllease
- ForumQuestion about cleaning up/enhancing pictures....
- ForumWhat is your dream PC case ????
- ForumEpson printers, scanners and AIOs
- ForumPhotographing children
- ForumNikon User to Canon help me I'm slipping...
- ForumMonitors, CRT of flat screen?
- ForumBenefits of cloud computing
- More resources
Read discussions in other Business Computing categories
!
