1 / 12

Windows 7 Update and Security Recommendations

Windows 7 Update and Security Recommendations. Committee Review. Revised Timelines. Medical Center Campus. Applications Update. Estimated date of completion for remaining applications : 2/14/14. Applications Requesting Exception.

chalondra-naiser
Download Presentation

Windows 7 Update and Security Recommendations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows 7 Update and Security Recommendations Committee Review

  2. Revised Timelines • Medical Center • Campus

  3. Applications Update Estimated date of completion for remaining applications: 2/14/14

  4. Applications Requesting Exception • UCSF Security Exception Request Form developed for non-compatible applications and hardware: http://it.ucsf.edu/sites/it.ucsf.edu/files/security_exception_request_v1.5_0.pdf • Applications submitted for exception: • AMCOM (Operator DB for Patient Info) Connie Standfield, 8 • EndoPROCindy Weiner, 75 • EndoPro (APF-Lab) Natasha Komarovskaya • GE Mobile Care Server Paul Jimenez, 30 • GE Patient Data ServerPaul Jimenez, 22 • HeartSuite James Cundiff, 4 • SoftmedNatasha Komarovskaya, 10 • SoftMed 6.5 Ed Mahony • SoftMed Core Messaging FrameworkEd Mahony • SoftMed Resource Locking Client Ed Mahony • Vericis [Cardiology] James Cundiff, 4

  5. Communications • Conduct Desktop Drop Notification for Phase II Clinical Rollout: 2/10/14 • Survey early adopter groups for feedback on performance post-upgrade (Lakeshore and Women’s Health Daly City Clinic): 2/13/14 • Medical Center Update: 2/7/14 • Manager’s Weekly: 2/10/14 • Ideas from the project team: • Easily identifiable outfit for morning after Field Walkers • Quick view stickers: green (upgraded), orange (issue), red (exception)

  6. Security Recommendations Current State No current domain level GPO (Group Policy Object) with local security settings Users that receive UCSFMC imaged laptops are set to have local admin access by default.

  7. Risk • Local admin access • Malware • Phishing\credential theft • Installing unauthorized\potentially malicious software • Potential software licensing issues • Unauthorized removal of software • Unauthorized system configuration changes

  8. Risk • No baseline GPO • Overall this is not best practice • Many low impacting settings that can have a positive affect on our security posture

  9. IT Security Recommendations • Local admin access • No local admin access as default user configuration • Principle of Least Privilege • Group policy object settings • Based on USGCB (US Government Configuration Baseline) • Local Windows settings • 17 GPO settings • Internet Explorer settings • 5 GPO settings

  10. Impact • No local admin access • Users will be unable to install and update some software • Potentially increased support calls to install software and make other needed configuration changes • Self support at home • GPO settings • Each setting has its own inherent impact

  11. Mitigations to Minimize Impact • Local admin access • Beyond Trust Power Brokers Desktop (Privilege Manager) • Software Center (SCCM) – Self Service Portal • In pilot • Exception process\procedure • Elevated account request • GPO settings • Testing to date has revealed little impact to user productivity

  12. Questions

More Related