1.7 Managing the security status
To manage the security status of computers in your organization, you need to determine the security rules and make each computer user observe such rules. You also need to keep track of the current security status and correct security problems if necessary.
By using JP1/IT Desktop Management, you can do the following to efficiently manage computer security:
-
Set a security policy based on the security rules of your organization and apply that policy to each computer.
-
Keep track of the status of each computer's security policy compliance and security problems, using a list or report.
-
Automatically take measures against security problems.
You can perform security management operations in the Security module. To manage the security status, set a security policy, keep track of the status of computers, and take measures against any detected security problem. By repeating the cycle of status tracking and taking measures against security problems, improve the security status of your organization. The following figure shows how to manage the security status:
![[Figure]](GRAPHICS/ZU070004.GIF)
Based on the security rules of your organization, set a security policy by using JP1/IT Desktop Management.
By assigning a security policy to computers, you can check the status of security policy compliance in a list or report. If you find any problem, take necessary measures. If you set automatic enforcement to the security policy, necessary measures are taken at the time when you assign the security policy to computers.
Using the security policy settings, you can also deter the use of some software or USB device, or obtain an operation log from each computer to detect a suspicious operation.
This section explains how to use JP1/IT Desktop Management in the operations described below. See the description of the operation that suits your purpose.
- Set a security policy.
-
Set a security policy by using JP1/IT Desktop Management based on the security rules of your organization. By applying the set security policy to computers, you can check the status of security policy compliance (security status).
- Take necessary measures against a security policy violation.
-
You (administrator) can set the configuration in such a way that if a security policy violation occurs, you are informed of that violation by email. Based on the email, you can take necessary measures against the security policy violation. There are two methods for taking measures against security policy violations: automatic enforcement and manual enforcement.
- Automatically apply updates to computers.
-
JP1/IT Desktop Management obtains updates released by Microsoft and automatically distributes and applies them to computers. It takes a certain period time for JP1/IT Desktop Management to apply updates to computers after the updates have been released.
- Manually apply updates to computers.
-
You (administrator) obtain updates released by Microsoft and then register them in JP1/IT Desktop Management to distribute and apply them to computers. You can immediately apply released updates to computers.
- Check the anti-virus status when a virus infection occurs.
-
When the anti-virus product detects a virus, you can check the anti-virus status of computers.
- Permit the use of authorized software only.
-
By checking the software installed on each computer, you can register and manage any software unnecessary for work as unauthorized software.
- Check for information leakage.
-
If a suspicious operation is detected, you can check for information leakage.
- Restrict the use of USB devices.
-
You can permit data to be read from and written to authorized USB devices only. You can also prohibit the use of USB devices in your entire organization and permit users in your organization to read data from and write data to a USB device only on the specific computer.
- Respond to a security audit.
-
For a security audit to be conducted, you can provide proof that the security status in your organization is properly managed based on the security policy.