Our business manager just emailed me this:
Suggest two additional management controls that computerised systems might have in order to maintain the integrity and confidentiality of the financial information
Card controlled access to the finance PC's.
Enforce complex passwords and agressive password aging policy.
Workstation hard drive encryption.
System password for booting.
Password protected / encrypted backups.
Entirely isolated finances network.
1. Finance users with a clue about security.
2. More time to work on existing security rather than having to answer stupid questions.
I've just set up QuickBooks working over Terminal Services, so now our accounts department logs in to a TS server to do enter accounts information, no files full of accounts data go anywhere. I intend to add VPN access at some point too.
There are currently 1 users browsing this thread. (0 members and 1 guests)