1.7.1 Setting a security policy
To manage the security status of computers in your organization, you need to develop security principles for your organization first. If your organization has no security principles, develop security principles before starting security management by using JP1/IT Desktop Management.
Based on the developed security principles, create a security policy by using JP1/IT Desktop Management. By assigning the created security policy to computers, you can check the status of security policy compliance (security status). Update the security policy if the latest security measures trends (security trends) change or your organization's security principles are changed.
![[Figure]](GRAPHICS/ZU070001.GIF)
Related Topics:
- Organization of this subsection
(1) Developing security principles for your organization
If your organization has no security principles, develop security principles before starting security management by using JP1/IT Desktop Management. Based on the developed security principles, create a security policy by using JP1/IT Desktop Management. For that purpose, we recommend that you check the security policy items before developing security principles.
The points to consider when developing a security policy are as follows:
-
Determine the updates to be installed on Windows.
-
Determine the anti-virus product to be used in your organization.
-
Create a list of software if some software must be installed on each computer or if you want to prohibit the use of some software.
-
Create a list of prohibited services if you want to prohibit the operation of some services in your organization.
-
Determine the principles on the security settings for computers used in your organization such as Widows Firewall settings and whether to use a shared folder.
-
Create a list of deterrence-target operations if you want to deter some operations related to print operation, device operation, and software activation.
-
Create a list if you want to monitor some emails and access to some Web sites, Web servers, and FTP servers.
To develop security principles, you need to keep track of security trends by checking newspaper articles, magazines, software development companies' Web sites, and others. By checking security trends based on your organization's operation policy, you can make your security management operation robust.
For example, you can choose the anti-virus product that matches your organization's operation policy by investigating in advance the virus detection rate and misdetection ratio of each anti-virus product.
- Tip
-
If you find it difficult to obtain information about security trends, we recommend that your organization subcontracts information acquisition work to a tool vendor, VAR (Value Added Retailer), or external consultant.
When you finish developing security principles, create a security policy based on the developed security principles.
(2) Managing a security policy
In the Security Policies view of the Security module, create and manage a security policy. This subsection explains security policy management.
- Create a security policy.
-
Create a security policy based on your organization's security principles. You can create multiple security policies. You can create a different security policy for each department or a security policy for computers that require special management.
- Assign a security policy to computers.
-
To keep track of the security status of computers, you need to assign the created security policy to computers or groups.
- Edit a security policy.
-
If the security trends change or your organization's security principles are changed, edit a security policy. Security trends change as the computers and the network environment change. By always incorporating security trends into your organization, you become able to robustly manage the security status.
- Delete a security policy.
-
Delete security policies that are not needed anymore when the management structure has changed or when multiple security policies have been integrated.