Embed Size (px)
DESCRIPTION
Windows 7 Update and Security Recommendations. Committee Review. Revised Timelines. Medical Center Campus. Applications Update. Estimated date of completion for remaining applications : 2/14/14. Applications Requesting Exception. - PowerPoint PPT Presentation
Citation preview
Windows 7 Update and Security Recommendations
Committee Review
Revised Timelines
2
• Medical Center
• Campus
Applications Update
• Estimated date of completion for remaining applications: 2/14/14
Applications Requesting Exception• UCSF Security Exception Request Form developed for non-
compatible applications and hardware: http://it.ucsf.edu/sites/it.ucsf.edu/files/security_exception_request_v1.5_0.pdf
• Applications submitted for exception:– AMCOM (Operator DB for Patient Info) Connie Standfield, 8
– EndoPRO Cindy Weiner, 75
– EndoPro (APF-Lab) Natasha Komarovskaya
– GE Mobile Care Server Paul Jimenez, 30
– GE Patient Data Server Paul Jimenez, 22
– HeartSuite James Cundiff, 4
– Softmed Natasha Komarovskaya, 10
– SoftMed 6.5 Ed Mahony
– SoftMed Core Messaging Framework Ed Mahony
– SoftMed Resource Locking Client Ed Mahony
– Vericis [Cardiology] James Cundiff, 4
Communications
• Conduct Desktop Drop Notification for Phase II Clinical Rollout: 2/10/14
• Survey early adopter groups for feedback on performance post-upgrade (Lakeshore and Women’s Health Daly City Clinic): 2/13/14
• Medical Center Update: 2/7/14
• Manager’s Weekly: 2/10/14
• Ideas from the project team:– Easily identifiable outfit for morning after Field Walkers
– Quick view stickers: green (upgraded), orange (issue), red (exception)
Security Recommendations
Current State
• No current domain level GPO (Group Policy Object) with local security settings
• Users that receive UCSFMC imaged laptops are set to have local admin access by default.
Risk
• Local admin access– Malware
– Phishing\credential theft
– Installing unauthorized\potentially malicious software
– Potential software licensing issues
– Unauthorized removal of software
– Unauthorized system configuration changes
Risk
• No baseline GPO– Overall this is not best practice
– Many low impacting settings that can have a positive affect on our security posture
IT Security Recommendations
• Local admin access– No local admin access as default user configuration
• Principle of Least Privilege
• Group policy object settings• Based on USGCB (US Government Configuration Baseline)
– Local Windows settings
• 17 GPO settings– Internet Explorer settings
• 5 GPO settings
Impact
• No local admin access– Users will be unable to install and update some
software
– Potentially increased support calls to install software and make other needed configuration changes
– Self support at home
• GPO settings– Each setting has its own inherent impact
Mitigations to Minimize Impact
• Local admin access– Beyond Trust Power Brokers Desktop (Privilege
Manager)
– Software Center (SCCM) – Self Service Portal• In pilot
– Exception process\procedure
• Elevated account request
• GPO settings– Testing to date has revealed little impact to user
productivity
Questions
![Version 2.0.2...2021/01/15 · Version 2.0.2.1 ※ ※ ※ ※ ※ 。 [ ] ‐MEMO‐ PC Windows 18 Windows Update 9:04 Update x os Windows Windows Update Windows Windows Insider](https://img.pdfslide.us/doc/110x75/6120c7136076d91e985e7a9a/version-202-20210115-version-2021-a-a-a-a-a-amemoa.jpg)
