Filter
Top Products
30 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
The security compliance process for desktops and mobile clients can be
simplified to look like this:
1. Apply security policy.
The first step in setting up a health check process is to make sure the
required security control settings of the enterprise security policy are audited.
2. Check control settings and compare to security policy.
With the NAC in place the health check audit is automated and takes place
every time the client connects to the network. This approach is very efficient
in terms of protecting the network. However, additional security means may
be required to protect the clients themselves (and information that they may
contain) when they are operating outside the corporate network.
3. Address deviations.
The system owner has to be informed about the findings of the health check
process. Usually a list of deviations is presented to the user in a pop-up
window and the noncompliant workstation is refused access to the corporate
intranet.
4. Correct settings.
As the configuration of the client tends to be unified and is regulated by a
separate policy, there is no need to test the changes on every client. All
requested changes should be applied as soon as possible either through the
manual process according to designated instructions or in an automated way.
5. Report compliance status.
The audit team creates security compliance status reports for management
and external audit purposes on a regular basis. These reports document the
number of noncompliances found, the progress of the new policy deployment,
and so on.
2.3.2 Security policy life cycle management
In any organization, Information Technology resources are very important assets
that are critical to business success and must be protected from unauthorized
users without sacrificing integrity, availability, and confidentiality. Organizations
must keep their IT security policies current and assess compliance regularly.
Conducting regular security-education sessions for employees is a good idea.
The most important aspects of a security policy are identifying a threat,
assessing the risk associated with it, providing means to protect critical data, and
maintaining integrity and confidentiality without any compromise. Security policy
creation is an ongoing process; all policies require constant review and
amendment as necessary to suit the organization’s business model. If for some