Network Security Security-Basics

Re: sesecuring access to workgroup for notebooks

Subject: Re: sesecuring access to workgroup for notebooks
Date: 24 Nov 2004 15:36:51 -0000
In-Reply-To: <41A043F9000277DF@vsmtp2alice.tin.it (added by 
postmaster@aliceposta.it)>

Thank you, Alessandro, for your answer.
Risk assessment is performed by an external resource (consultant). I'm part of the internal tech staff that should interact with the consultant during the analysis.
Moreover, we like "to hear from more than one bell" (an Italian adage; I do not know if an English equivalent exists for this...). Motivations are:
1. knowing what's going on (I got this job a few weeks ago, and I found real anarchy in the IT department...) and what risks we are exposed to;
2. legal: you got the point: Italian law brings us to this, and I DO want this not to be only a legal hassle, but the chance to reorganize procedures and kick out any bad practice.

The first of these that I noticed is that there are quite a lot of people (mostly interns, as I said) coming into the office, plugging their notebooks into the corporate net (modifying IPs by hand and so on) and getting access.

But this is only the first thing...
There's no defined way to organize access to folders on the server (anything is public...) and so on.
So can you please help me? Can you, for example, point me to some docs explaining how we should organize procedures and so on?

Thanks
davide



First of all: what's the goal of the Risk Assessment? Technical? 
For budgeting purposes? For legal compliance (like, since we are 
both in Italy, the New Privacy Code)? The purpose will drive the 
[...]
Cheers,

-- 
Alessandro Bottonelli, CISSP & BS7799 Lead Auditor
AXIS-NET Privacy & InfoSec Consulting
http.//www.axis-net.it

