« Version 4.1 - 7.10 Computer security forensics | Main | Welcome »

Version 4.1 - 7.11 Desktop security risk management and assessment

This is another thin section in the study guides. Just in case - you should probably take a look at the Cisco Secure Desktop FAQ.

SANS has a really good whitepaper on Managing Desktop Security. [FYI - SANS stands for SysAdmin, Audit, Network and Security.]

Desktops should really be considered along with (not separate from) other devices during Risk Management and Risk Assessment.

Three major factors to consider when implementing overall desktop security:

# People
# Process
# Technology

People -- Education, awareness and enforcement. Your AUP should be regularly reviewed and acknowledged.

Process:
- Governance
- Policies, baselines and procedures
- User classification, review and audit
- Penetration testing

Technology:
- Centralized management
- Password protection
- Single sign-on
- Desktop lock
- Virus detection and File encryption
- Personal firewall

And with this, I'm going to wrap up Section 7. Whew! It seems like a million years ago just yesterday that I started blogging the blueprint. Just one more section to go and I'll be ready for the exam - that is eliminated tomorrow.

The Evolving Technologies is on both exams - so that is going to carry over. I will just have to add on a few delta posts for the 5.0 version.


Sections

Powered by
Movable Type 3.2