Using Reflex Disknet Pro to Aid Compliance with BS 7799 & ISO/IEC ...
Using Reflex Disknet Pro to Aid Compliance with BS 7799 & ISO/IEC ...
Using Reflex Disknet Pro to Aid Compliance with BS 7799 & ISO/IEC ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3.5. Media handling and security [8.6]<br />
Clause 8.6 asks that all media should be controlled and protected from theft and<br />
unauthorised access.<br />
3.6. Management of removable media [8.6.1 (a) (b)]<br />
There should be procedures for the management of removable computer media.<br />
RDP was designed specifically <strong>to</strong> offer this type of management control. All media<br />
must be authorised for use which will necessitate a content scan using either a third<br />
party anti-virus product or RDP’s own content scanner. It may indeed require both of<br />
these scans <strong>to</strong> be performed. Once authorised for use, an audit trail can be kept of<br />
all files s<strong>to</strong>red on the device. Fig. 6 shows one event from a removable media log<br />
file.<br />
Fig. 6<br />
You will note that there is a unique ID number, time, operation, host name (PC),<br />
process, file name, and user name recorded.<br />
<strong>Pro</strong>tecting the media’s contents from unauthorised access is achieved by making the<br />
policy dictate that all removable media should be encrypted, as discussed in section<br />
2.<br />
© <strong>Reflex</strong> Magnetics Ltd 12