- 2008 functional-level
- approximately 300 users, 300 computers, 15 servers (2 file servers and 5 domain controllers)
- Office 365 email
After reading a bit on this huge topic...
I have some favorite (broad) snippets (below).
My question is broad, I know, but from a standpoint of auditing with:
1. log-level auditing
2. file-level auditing
3. user-level auditing
What native Windows tools should I use?
Should I create a server to collect all the audit data? What type & OS/Applications?
Should I use native tools or third party tools?
What types of tools have worked best for you?
What mix of auditing is best?
Am I even mentioning the best type? If not, what should I use?
What about encryption? BitLocker?
Thank you for your help in advance!
HIPAA 164.312(b) Audit Controls: Implement hardware, software and procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information, or ePHI.
HIPAA Password Compliance - The HIPAA Privacy Regulations require that appropriate administrative, technical, and physical safeguards are in place to protect the privacy of protected health information. To meet this requirement, XYZ has implemented a change to the password policy for all accounts used for accessing the XYZ, Inc. web site.
The following represents the minimum requirements for your XYZ password.
* Password complexity: Must not contain significant portions (three or more contiguous characters) of your account name or full name, must be at least eight (8) characters in length, must not use control characters and other non-printing characters, and must contain characters from at least three of the following four categories arranged in any order.
  * English uppercase characters (A through Z)
  * English lowercase characters (a through z)
  * Base 10 digits (0 through 9)
  * Non-alphabetic characters: ~!@#$%^*&;?.+_
* Maximum age: All passwords must be changed at least every sixty (60) days.
* History: Set at six (6), meaning the password needs to be set six times before it can be reused.
* Account Lockout Threshold: After five (5) unsuccessful attempts to enter a password, the involved user-ID will be temporarily disabled for five (5) minutes after which the account will be automatically unlocked.
Guide to Creating A Secure Password - Passwords must be a minimum of eight (8) characters long and alphanumeric. Passwords should not be based on one's user name, actual name or any dictionary name; i.e., a good password should not contain standard words. The longer your password is the more secure it will be.
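As an added example (not from the original post or from XYZ), here is how the quoted password requirements and the three auditing layers asked about map onto native Windows settings in a 2008-functional-level domain. It assumes the ActiveDirectory RSAT module and a Domain Admin session; the domain name, the share path `D:\Shares\ePHI` and the helper `Test-PasswordPolicyCompliance` are placeholders chosen for the example.

```powershell
# Added example: encode the quoted XYZ password policy in Active Directory, verify it,
# and enable the audit subcategories behind log-, file- and user-level auditing.
# Assumes RSAT ActiveDirectory module and Domain Admin rights; paths/names are placeholders.
Import-Module ActiveDirectory
$Domain = (Get-ADDomain).DNSRoot              # resolved at runtime, e.g. corp.example.com

# 1. Domain password policy taken from the quoted requirements.
#    ComplexityEnabled is the built-in Windows rule: three of four character classes and
#    no 3+ character run of the account/full name, which is what the quoted text describes.
$Required = @{
    ComplexityEnabled        = $true
    MinPasswordLength        = 8
    MaxPasswordAge           = New-TimeSpan -Days 60
    PasswordHistoryCount     = 6
    LockoutThreshold         = 5
    LockoutDuration          = New-TimeSpan -Minutes 5
    LockoutObservationWindow = New-TimeSpan -Minutes 5   # AD requires this <= LockoutDuration
}
Set-ADDefaultDomainPasswordPolicy -Identity $Domain @Required

# 2. Compliance check (placeholder helper): compare what the domain actually enforces with
#    the requirement so an auditor gets a pass/fail list instead of a promise that a GPO applied.
function Test-PasswordPolicyCompliance {
    $Actual = Get-ADDefaultDomainPasswordPolicy -Identity $Domain
    foreach ($Setting in $Required.Keys) {
        [pscustomobject]@{
            Setting  = $Setting
            Required = $Required[$Setting]
            Actual   = $Actual.$Setting
            Pass     = ($Actual.$Setting -eq $Required[$Setting])
        }
    }
}
Test-PasswordPolicyCompliance | Format-Table -AutoSize

# 3. Audit policy for 164.312(b) "record activity": logons, account and group changes,
#    lockouts, file access and tampering with the audit policy itself. This sets the local
#    advanced audit policy on the server it runs on; domain-wide, the same subcategories live
#    under Advanced Audit Policy Configuration in a GPO.
$Subcategories = 'Logon', 'Logoff', 'Account Lockout', 'User Account Management',
                 'Security Group Management', 'File System', 'Audit Policy Change'
foreach ($Sub in $Subcategories) {
    auditpol /set /subcategory:"$Sub" /success:enable /failure:enable | Out-Null
}

# 4. "File System" events are only generated for objects that carry a SACL, so put an audit
#    entry on the ePHI share (placeholder path) covering write, delete and permission changes.
$Path = 'D:\Shares\ePHI'
$Acl  = Get-Acl -Path $Path -Audit
$Rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            'Everyone', 'Write, Delete, ChangePermissions, TakeOwnership',
            'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
$Acl.AddAuditRule($Rule)
Set-Acl -Path $Path -AclObject $Acl
```

The resulting events (4624/4625 logons, 4720-4767 account management, 4663 object access) land in each server's Security log, which is what a central collector (Windows Event Forwarding or a third-party SIEM) would pull from.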