View Single Post
  #2   (View Single Post)  
Old 8th May 2008
roddierod's Avatar
roddierod roddierod is offline
Real Name: Rod Person
VPN Cryptographer
 
Join Date: Apr 2008
Location: Pittsburgh, Pa
Posts: 437
Post

I've had to do some security documentation for some of our servers so that they would be allowed to operate on the enterprises network. But, they proved a questionire to fill out.

The main things the want covered are:

- what process are running on the servers.
- who has access to the servers (remotely and physically)
- are there different user roles with different levels of priviledges
and describe them.
- are there logs? are the logs reviewed and how often?
- my servers are in a healthcare/insurance environment so they want
to know information on what can of data it contains and is there a
possiblilty that someone could steal people personal information. And
in the US we have to follow HIPAA guidelines.
- And of course desribe the security procedures and such.

HTH.
__________________
"The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use the words." -Philip K. Dick
Reply With Quote