1.7.8 General procedure for responding to a security audit
In order to perform a security audit on your organization, you need to check such points as whether the environment in your organization complies with the security rules, whether a problem related to security management occurred, and if such a problem occurred, whether the problem has already been corrected.
When you perform security management by using JP1/IT Desktop Management, you can check whether security management is correctly performed, by outputting the following information:
- Security policy judgment result
-
You can check the status of security policy compliance.
- Events related to security management
-
You can check problems related to security management that have occurred. If there is no problem with the status of security policy compliance, you can confirm that these problems have already been corrected.
- Status of the deterrence of prohibited operation
-
You can check whether any prohibited operation is deterred based on the security policy.
- List of computers connected to the network
-
By creating a list of managed computers, you can check security management target computers.
To respond to a security audit:
- 1. Output the security policy judgment result.
-
Using JP1/IT Desktop Management, output the Violation Level Status report in Security Detail Reports.
- 2. Output event data related to security management.
-
Using JP1/IT Desktop Management, output event data related to security management.
- 3. Output the status of the deterrence of prohibited operation.
-
Using JP1/IT Desktop Management, output the Other Access Restrictions Top N report in Security Detail Reports.
- 4. Output a list of managed computers.
-
Using JP1/IT Desktop Management, output a list of managed computers.
Then, submit the above output information at the time of a security audit.
Related Topics:
- Organization of this subsection
(1) General procedure for outputting the security policy judgment result
For a security audit or in a status report to your superior, to present the status of security policy compliance, check and print out the Violation Level Status report in Security Detail Reports.
- 1. Check the Violation Level Status report.
-
To check the status of security policy compliance, display the Violation Level Status report in Security Detail Reports in the Reports module.
Check whether the violation level of every device is Safe. If there is any device showing a violation level other than Safe, click the link of the quantity displayed in the breakdown, check the status of the relevant device, and take action, if necessary.
- 2. Print out the Violation Level Status report.
-
Output the report by clicking the Print button in the Violation Level Status report.
Submit the printed report, if necessary.
Related Topics:
(2) General procedure for outputting event data related to security management
For a security audit or in a status report to your superior, to present the status of the occurrence of problems related to security management and the status of problem correction, check and print out the event data related to security management. If there is no problem with the status of security policy compliance, the problems that you can check from the event data are already corrected.
- 1. Check events related to security management.
-
In the Events module, check whether a problem related to security management occurred, or if a problem occurred, check whether the problem has already been corrected.
Using the filtering function, check events with Security displayed for Type. If there is any event with Critical or Warning displayed for Severity and Not Ack displayed for Status, identify the cause from the error details, and then take necessary measures. When you finish taking measures, change the setting for Status to Ack.
- Tip
-
In this case, you need to be operating JP1/IT Desktop Management in such a way that the event status is changed to Ack after the problem is corrected.
- 2. Print out the security management event information.
-
Export the security management event information, and then print out the output CSV file.
Submit the printed event information, if necessary.
Related Topics:
(3) General procedure for outputting the status of the deterrence of prohibited operation
For a security audit or in a status report to your superior, if you need to show that no prohibited operation has been performed in compliance with the security policy, use the Other Access Restrictions Top N report. By using this report in Security Detail Reports, you can confirm that any prohibited operation is deterred in compliance with the security policy, and then print out the report.
- Tip
-
To deter any prohibited operation, you need to set the operations to be deterred in a security policy in advance.
- 1. Check the Other Access Restrictions Top N report.
-
To check the status of the deterrence of prohibited operation, display the Other Access Restrictions Top N report by selecting Security Detail Reports in the Reports module and then Other Access Restrictions Top N.
In the Other Access Restrictions Top N report, you can check the statuses of printing restriction, blocked software, and external device restriction.
If the number of occurrences of deterrence is unnaturally large, check whether there is any security problem by inquiring of the relevant user about the circumstances.
- 2. Print out the Other Access Restrictions Top N report.
-
Print out the report by clicking the Print button in the Other Access Restrictions Top N report.
Submit the printed report, if necessary.
Related Topics:
(4) Outputting a list of managed computers
For a security audit or in a report to your superior, to show the security management target computers, output a list of managed computers.
- Tip
-
The default policy is automatically assigned to the managed computers even if a specific security policy is not assigned to them. For this reason, by outputting a list of managed computers, you can present the security management target computers in list form.
In the Device Inventory view of the Device module, display only computers by using the filtering function and export the device information of the computers. Then, print out the exported CSV file.
Submit the printed list of the computers, if necessary.
Related Topics: