Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Administration Guide


1.7.1 Setting a security policy

To manage the security status of computers in your organization, you need to develop security principles for your organization first. If your organization has no security principles, develop security principles before starting security management by using JP1/IT Desktop Management 2.

Based on the developed security principles, create a security policy by using JP1/IT Desktop Management 2. By assigning the created security policy to computers, you can check the status of security policy compliance (security status). Update the security policy if the latest security measures trends (security trends) change or your organization's security principles are changed.

[Figure]

If you want to apply a security policy to offline-managed computers, develop the security principles for the offline-managed computers, different from those for online-managed computers.

Related Topics:

Organization of this subsection

(1) Developing security principles for your organization

If your organization has no security principles, develop security principles before starting security management by using JP1/IT Desktop Management 2. Based on the developed security principles, create a security policy by using JP1/IT Desktop Management 2. For that purpose, we recommend that you check the security policy items before developing security principles.

The points to consider when developing a security policy are as follows:

To develop security principles, you need to keep track of security trends by checking newspaper articles, magazines, software development companies' Web sites, and others. By checking security trends based on your organization's operation policy, you can make your security management operation robust.

For example, you can choose the anti-virus product that matches your organization's operation policy by investigating in advance the virus detection rate and misdetection ratio of each anti-virus product.

Tip

If you find it difficult to obtain information about security trends, we recommend that your organization subcontracts information acquisition work to a tool vendor, VAR (Value Added Retailer), or external consultant.

When you finish developing security principles, create a security policy based on the developed security principles.

(2) Managing a security policy

In the Security Policies view of the Security module, create and manage a security policy. This subsection explains security policy management.

Create a security policy.

Create a security policy based on your organization's security principles. You can create multiple security policies. You can create a different security policy for each department or a security policy for computers that require special management.

You can generate a security policy that is applied to computers in an offline environment by selecting the Create Tool for Applying Policy Offline from Action in the Security Policies view. For details, see the description about the procedure for applying a security policy to offline-managed computers in the manual JP1/IT Desktop Management 2 Administration Guide.

Assign a security policy to computers.

To keep track of the security status of computers, you need to assign the created security policy to computers or groups.

Edit a security policy.

If the security trends change or your organization's security principles are changed, edit a security policy. Security trends change as the computers and the network environment change. By always incorporating security trends into your organization, you become able to robustly manage the security status.

Delete a security policy.

Delete security policies that are not needed anymore when the management structure has changed or when multiple security policies have been integrated.

Important

Agents for UNIX are excluded from security policy-based management. An automatic countermeasure is also not performed. Network connection control is manually performed.

Agents for Mac can be managed by using security policies. However, any detected problems cannot be corrected automatically. The network access control can enable or disable the access depending on the results of security status evaluation.

Computers in the offline environment are included in security-policy-based management. However, the security policy must be applied to the computers via an external storage medium. For details, see the description about the procedure for applying a security policy to offline-managed computers in the manual JP1/IT Desktop Management 2 Administration Guide.