Now that we've described the requirements for the servers in the data centers and local offices, we need to ensure that we can cover everything else.
Phase C focuses on BYOD, corporate workstations/laptops, and so on, as it is important to have an inventory of what is owned by the organization, what is not owned by the organization, what is online, and what is offline.
A recommendation would be to look at the lessons learned from phase B for these devices:
- What is required for a corporate device to access information?
- Patches up to date
- Antivirus up to date
- Properly configured
- What is required for a personal device to get on the network?
- Do we have to create a separate network for BYOD?
- Do we require personal devices to have specific configurations?
- Password/PIN/Biometrics for phone access
- Hard drive encryption
- What constitutes a device being quarantined or kicked off the network?