Rethink Remote Access Policy: Mike Cuppett’s Advice

Posted: October 19, 2009 in Rethink Remote Access

Continuing with our series on how to rethink remote access, IT expert Mike Cuppett shares his thoughts on remote access policy. Mike is an IT professional with over 20 years of experience in operations, infrastructure and security. A “developer of people and deliverer of services,” Mike writes for IT Security Rookie as well as his personal blog.

First, I would not define any specific product solution (hardware or software) within the policy, so that the policy would not have to be updated each time a solution changes.

Second, I would define the needs for remote access and categorize them accordingly. Possible categories include system support employee, general employee, external vendor/consultant, external compliance consultant, etc.

Lastly, document the access allowed and controls deployed for each category.

That’s pretty high level, but should make for a good start.

Mike also suggests checking out the following online book stores:

CISSP Prep Book Store
IT Expert Book Store

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s