Do you have specific baseline security configurations for domain workstations based on their usage? I.e. a normal baseline for certain users in medium security areas, and a high security baseline for workstations used by users in more sensitive areas? Or do you do a one-size-fits-all type configuration for all your workstations, regardless of the areas they work in, if some are more sensitive than others?
I wondered about PCI rules here: what about intranet apps that process CC data? Are there any specific requirements for workstations accessing this system that wouldn’t be so much of an issue for workstations that weren’t using this system? One other example is we collect highly sensitive data via post and this is scanned in and stored on a document management system. As far as I know the scanner is only accessible from the machine it is attached to, but is that machine more vulnerable due to the sensitivity of the data it scans? I don’t really know much about scanners to quantify the risk in this case.