1.7.1 Setting a security policy
To manage the security status of computers in your organization, you need to develop security principles for your organization first. If your organization has no security principles, develop security principles before starting security management by using JP1/IT Desktop Management 2.
Based on the developed security principles, create a security policy by using JP1/IT Desktop Management 2. By assigning the created security policy to computers, you can check the status of security policy compliance (security status). Update the security policy whenever the latest trends in security measures (security trends) change or your organization's security principles change.
If you want to apply a security policy to offline-managed computers, develop security principles for the offline-managed computers separately from those for online-managed computers.
(1) Developing security principles for your organization
If your organization has no security principles, develop security principles before starting security management by using JP1/IT Desktop Management 2. Based on the developed security principles, create a security policy by using JP1/IT Desktop Management 2. For that purpose, we recommend that you check the security policy items before developing security principles.
The points to consider when developing a security policy are as follows:
- Determine the updates to be installed on Windows.
- Determine the anti-virus product to be used in your organization.
- Create a list of software if some software must be installed on each computer or if you want to prohibit the use of some software.
- Create a list of prohibited services if you want to prohibit the operation of some services in your organization.
- Determine the principles on the security settings for computers used in your organization, such as Windows Firewall settings and whether to use a shared folder.
- Create a list of deterrence-target operations if you want to deter some operations related to print operation, device operation, and software activation.
- Create a list of addresses for monitoring targets if you want to monitor web access, email transmission, email reception, and file operations for Web servers and FTP servers.
To develop security principles, you need to keep track of security trends by checking newspaper articles, magazines, software development companies' Web sites, and other sources. By checking security trends against your organization's operation policy, you can make your security management operation robust.
For example, you can choose the anti-virus product that matches your organization's operation policy by investigating in advance the virus detection rate and misdetection ratio of each anti-virus product.
- Tip
  If you find it difficult to obtain information about security trends, we recommend that your organization subcontract the information acquisition work to a tool vendor, VAR (Value Added Retailer), or external consultant.
When you finish developing security principles, create a security policy based on the developed security principles.
(2) Managing a security policy
In the Security Policies view of the Security module, create and manage a security policy. This subsection explains security policy management.
- Create a security policy.
  Create a security policy based on your organization's security principles. You can create multiple security policies. You can create a different security policy for each department or a security policy for computers that require special management.
  You can generate a security policy that is applied to computers in an offline environment by selecting Create Tool for Applying Policy Offline from Action in the Security Policies view. For details, see the description about the procedure for applying a security policy to offline-managed computers in the manual JP1/IT Desktop Management 2 Administration Guide.
- Assign a security policy to computers.
  To keep track of the security status of computers, you need to assign the created security policy to computers or groups.
- Edit a security policy.
  If the security trends change or your organization's security principles are changed, edit a security policy. Security trends change as the computers and the network environment change. By always incorporating security trends into your organization, you can manage the security status robustly.
- Delete a security policy.
  Delete security policies that are no longer needed when the management structure has changed or when multiple security policies have been integrated.
- Important
  Agents for UNIX are excluded from security policy-based management. Automatic countermeasures are also not performed. Network connection control is performed manually.
  Agents for Mac can be managed by using security policies. However, any detected problems cannot be corrected automatically. Network access control can enable or disable access depending on the results of security status evaluation.
  Computers in the offline environment are included in security policy-based management. However, the security policy must be applied to the computers via an external storage medium. For details, see the description about the procedure for applying a security policy to offline-managed computers in the manual JP1/IT Desktop Management 2 Administration Guide.