Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide

6.1 Procedures and window transitions for policy settings

To manage client security, an administrator sets a security policy based on the security objectives. A security policy consists of judgment policies to judge the security level of the client, and action policies to implement actions based on the corresponding security level.

After setting the judgment policies and action policies, the administrator assigns them to clients.

The steps involved in setting a security policy and assigning it to clients are as follows:
Create a judgment policy
Create a judgment policy as required.
This step is unnecessary if you intend using the default judgment policy.

Edit the judgment policy
Set a judgment condition and security level for each judgment item.
The judgment items for a judgment policy are as follows:

Security updates

Anti-virus products

Prohibited software

Mandatory software

PC security settings

User definition

Note that the security levels that can be set for a judgment policy are Danger, Warning, or Caution.
You can also use the judgment policy update command (cscpolimport) to set judgment policies. For details about how to use the cscpolimport command, see cscpolimport (updates judgment policy settings) in 15. Commands.

Create an action policy
Create an action policy as required.
This step is unnecessary if you intend using the default action policy.

Edit the action policy
Set an action for each security level. The security levels are as follows:

Danger

Warning

Caution

Safe

You can set any of the following actions for each security level:

Notify the administrator by email

Send a message to the client

Control client connections to the network

Implement a user-defined action (user-specific command set by the administrator)

You can customize the text of the messages sent to the administrator and client.
Assign the policies
Assign the created judgment policy and action policy to clients.
A default judgment policy and a default action policy are pre-assigned to every client.
 
Reference note

Default policies are assigned whenever a new client is configured in the system. If you add a client after starting operations with your client security control system, assign policies to that client as required.
Security policies are set and assigned from the Policy Management main window.

The following figure shows the window transitions for the Policy Management main window.

Figure 6-1 Windows transitions for the Policy Management main window

To log in to the Policy Management main window:

Log on to Windows as a user with Administrators permissions.

Click the Start menu, and choose Programs, Client Security Control, and then Policy Management.
After a splash window is displayed, the Client Security Control Policy Management Login window is displayed.

Set each item.
The items to set are as follows:

User ID text box

Enter the user ID of the CSC administrator.

Password text box

Enter the password of the CSC administrator.

Click the OK button.
If user authentication is successful, you are logged in to JP1/CSC - Manager and the Policy Management main window appears.

Figure 6-2 Policy Management main window

The following describes the Policy Management main window.

The Policy Management main window is for managing the security policies in the system. It consists of two panes: a group tree view and a PC list tree view.

The display items in the Policy Management main window are as follows.

Group tree view

The group tree view shows the hierarchy of departments and sections to which the clients belong, based on the asset information managed in AIM.

The tree root is shown as Overall system. Clients that do not belong to any department are grouped under Independence PCs.

PC list tree view

The PC list tree view shows client asset information and details about the policies assigned to clients, based on the asset information managed in AIM. The policy information includes the asset number, host name, judgment policy name, action policy name, IP address, MAC address, OS information, group name, user name, and location of each client in list format.

The following information is displayed in PC list tree view, depending on what you select in the group tree view:

Select Overall system:
To view information for all clients.

Select a group name:
To view information for the clients belonging to that group.

Select Independence PCs:
To view information for the clients that do not belong to any group.

When you click a column header, the PC information in that column is sorted in ascending or descending order.

By setting display conditions in the Set Display Conditions dialog box, you can view asset information for only those clients that meet the set conditions. When display conditions are set, Policy Management Window (display conditions: Setting) appears in the title bar of the Policy Management main window. Before you set any display conditions, Policy Management Window (display conditions: No setting) appears in the title bar.

The menus in the Policy Management main window are shown below.

Table 6-1 Menus in the Policy Management main window

Menu Command Purpose

File Exit Closes the Policy Management main window.

Edit Copy Copies asset information (text in CSV format) to the clipboard.
This command is available when you select a single client in the PC list tree view.

Select All Selects all the clients in the PC list tree view.

Policy Manage Judgment Policy ( button) Displays the Manage Judgment Policy dialog box.
In this dialog box, you can create, edit, delete, rename, and copy judgment policies.

Manage Action Policy ( button) Displays the Manage Action Policy dialog box.
In this dialog box, you can create, edit, delete, rename, and copy action policies.

Edit Judgment Policy ( button) Displays the Edit Judgment Policy window for editing a judgment policy assigned to a selected group or PC.
This command is available when you select a single client in the PC list tree view.

Edit Action Policy ( button) Displays the Edit (Action Policy) window for editing an action policy assigned to a group or PC.
This command is available when you select a single client in the PC list tree view.

Assign Judgment Policy ( button) Displays the Assign Judgment Policy dialog box for assigning a judgment policy to a selected group or client. This command is available when you select a group in the group tree view, or one or more clients in the PC list tree view.

Assign Action Policy ( button) Displays the Assign Action Policy dialog box for assigning an action policy to a selected group or client. This command is available when you select a group in the group tree view, or one or more clients in the PC list tree view.

View Set Display Conditions ( button) Displays the Set Display Conditions dialog box for setting conditions for displaying clients in the PC list tree view.
This command is available when you select a group in the group tree view.

Refresh Collects asset information managed in AIM, and updates the information displayed in the group tree view and PC list tree view.

Help Version Displays version information.

Legend:

The buttons shown in parentheses appear in the tool bar.

The following commands also appear in the shortcut menu of the Policy Management main window:

Edit Judgment Policy

Edit Action Policy

Assign Judgment Policy

Assign Action Policy

Set Display Conditions

Copy

Menu	Command	Purpose
File	Exit	Closes the Policy Management main window.
Edit	Copy	Copies asset information (text in CSV format) to the clipboard. This command is available when you select a single client in the PC list tree view.
Select All	Selects all the clients in the PC list tree view.
Policy	Manage Judgment Policy ( button)	Displays the Manage Judgment Policy dialog box. In this dialog box, you can create, edit, delete, rename, and copy judgment policies.
Manage Action Policy ( button)	Displays the Manage Action Policy dialog box. In this dialog box, you can create, edit, delete, rename, and copy action policies.
Edit Judgment Policy ( button)	Displays the Edit Judgment Policy window for editing a judgment policy assigned to a selected group or PC. This command is available when you select a single client in the PC list tree view.
Edit Action Policy ( button)	Displays the Edit (Action Policy) window for editing an action policy assigned to a group or PC. This command is available when you select a single client in the PC list tree view.
Assign Judgment Policy ( button)	Displays the Assign Judgment Policy dialog box for assigning a judgment policy to a selected group or client. This command is available when you select a group in the group tree view, or one or more clients in the PC list tree view.
Assign Action Policy ( button)	Displays the Assign Action Policy dialog box for assigning an action policy to a selected group or client. This command is available when you select a group in the group tree view, or one or more clients in the PC list tree view.
View	Set Display Conditions ( button)	Displays the Set Display Conditions dialog box for setting conditions for displaying clients in the PC list tree view. This command is available when you select a group in the group tree view.
Refresh	Collects asset information managed in AIM, and updates the information displayed in the group tree view and PC list tree view.
Help	Version	Displays version information.

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated