-
March 19th, 2007, 06:21 AM
#11
Member
Hi,
It seems that I forgot to mention a few points: all the workers of my client work on Windows. So to prevent any transfer of files via the internet we removed (disabled) the internet access from there. My client is a Chartered Accountant and almost all his work is done in accounting s/w like Tally. Internet access for his workers is not his immediate concern.
So even if one worker wants to access the internet he has to reboot the computer into Linux and then access it. (XOSL)
In this case he will not be able to access the drive where the sensitive data is kept.
And as mentioned above, we remove all the USB, CD RW, floppy drives and put a lock on the computer case.
But then there are some smart chaps who have mastered the fine art of lock picking.
-
March 19th, 2007, 02:41 PM
#12
TejasV, old chap,
 Originally Posted by TejasV
And as mentioned above, we remove all the USB, CD RW, floppy drives and put a lock on the computer case.
But then there are some smart chaps who have mastered the fine art of lock picking.
I spent quite a while working for Price Waterhouse, so I possibly understand your client's concerns?
His main problem seems to be his HR function............ he should not employ those who cannot be trusted?
OK.............. locks, just as it is impossible to fold a sheet of paper in half more than 7 times, it is impossible to pick a lock with 7 levers......... 6 will make it very difficult.
And, once again, picking a lock (a decent one) cannot be done surreptitiously in an open plan office.
Anyway, how valuable is the financial information?
Another thing, I have worked with Indians for far too many years not to know that you have a dual economy............
Your client's clients will not have any "black economy" transactions recorded in his books.............. he is the guy who has to go lie to the taxman is he not?
Hell, I have in the UK, France, Belgium, Germany, South Africa, Australia and the USA ..............well I considered it "creative tax accounting" at the time
-
March 23rd, 2007, 10:58 PM
#13
Member
Hi,
His main problem seems to be his HR function............ he should not employ those who cannot be trusted?
To name a client with that function, "Ogilvy": they do it, in India at least (not the locking part).
I was just posting a possibility.
Your client's clients will not have any "black economy" transactions recorded in his books.............. he is the guy who has to go lie to the taxman is he not
You are right. That is none of my concern. My client, the CA, wants all his DATA secure and not to be transferred from his computers....my answer is "yes sir, will do". What say?
-
March 23rd, 2007, 11:15 PM
#14
Hey, my friend............. they pay............we do 
Please look for seven lever padlocks............they cannot be picked but are a bit more expensive than the regular five lever ones.
Otherwise, locking down his systems seems fine. I am not sure about encryption...................If I had maybe 10 staff looking after various clients (that would be Staff member "A" looks after clients X, Y & Z) I would look at encryption such that I knew it, and only the staff member responsible for the account could access it 
Obviously, people could write things down? but making them individually responsible for their own client base might help?...........sorry I don't know how your man runs his shop................
-
March 23rd, 2007, 11:38 PM
#15
Member
Obviously, people could write things down? but making them individually responsible for their own client base might help?...........sorry I don't know how your man runs his shop................
Writing down a few pages .....possible
Writing down 1000 pages ......Kinda hard, don't you think?
Did I mention printer security?
There is this saying in Hindi. It roughly translates to this:
"Even Lord Brahma cannot catch an in-house thief."
I am not sure about encryption.
No we do not use encryption as of now.
Nihil
What do you think of Sun Thin clients in terms of physical security?
Never worked with one
---------------------
www.indiaesecure.com
-
March 24th, 2007, 11:28 AM
#16
Hi, I have worked with thin clients, mostly Citrix.
They do provide an extra layer of security as you can lock down a lot of activity on the local machine. I have even seen a deployment where the users were not permitted to write to the local HDD.
My personal view is that they make it much easier to apply security rules, as you just give the users an icon and access to the applications they need.
Please be careful at dismissing "just writing stuff down"............ after all you don't need to write down that much for an identity theft?
Also, a client's accounts are just a profit and loss statement and a balance sheet and a tax return.............. easily written down 
I am sure you do something along these lines but I would always start with some sort of risk and threat level evaluation. Also don't forget physical security (eg. document shredding) and manual checks and balances.
Something like if a cheque is more than Rs 10,000 it has to be signed by a manager and a partner..................and so on.