Welcome to the SecAware blog

I spy with my beady eye ...

26 Jan 2008

New security standard for teleworkers

NIST security standard SP800-114 is a new User’s Guide to Securing External Devices for Telework and Remote Access.

"Many people telework (also known as telecommuting), which is the ability for an organization’s employees and contractors to conduct work from locations other than the organization’s facilities. Teleworkers use various devices, such as desktop and laptop computers, cell phones, and personal digital assistants (PDA), to read and send email, access Web sites, review and edit documents, and perform many other tasks. Most teleworkers use remote access, which is the ability of an organization’s users to access its nonpublic computing resources from locations other than the organization’s facilities. Organizations have many options for providing remote access, including virtual private networks, remote system control, and individual application access (e.g., Web-based email)."

The 14,000 customers of an ISP who lost their email accounts (see our previous blog entry) could have avoided disaster by taking the 46 pages of free but sound advice in SP800-114. Its scope is much broader than data backups, covering aspects such as securely configuring and maintaining operating systems, using VPNs for remote access etc.

No comments:

Post a Comment