welcome back to intermediate endpoint security course. And in this lesson, I will be talking about process management. So basically, how to define processes for device management. And when I talking about processes, I'm talking about those things that you cannot.
let's say automate that have to be done by people. So you have tow define some guidelines for these processes. So first, the role is
what you do when you bring new device in a fault. And you have different approaches based on what kind of management approach you have chosen. So, for example, if you have bring your own devices,
you have to check specification, install additional software and do the standardize their wives testing
if its acquisition. So you purchase device or is it? Choose your own device. You have to do wipe, unload or you do the provisioning. Um, de depending on, uh,
most of the companies do wipe and load, so they form of the hard drive of the PC that come to them. And then they installed the corporate image that has been tested, re tested, certified and has all the applications that any user in the company needs all the standard application. So, for example, if you're
using Microsoft Office
on your standard corporate image, Microsoft Office will be already installed and things that these for those of you who don't know that these images are constantly updated. So if, for example, you have decided to let the update off some kind of
Windows update or major wind up, they go through.
And there you have corrected all the possible problems with drivers and applications not running. So you fixed everything, then you put it in the new image. And now every new PC comes toe function with that new image for that particular model off
We bring your own devices. You cannot do it
because you're not supposed to form a to the hard drive or something that is essentially a private property.
So you then have to go through a process off. If it's the windows, usually the provisioning or you just install additional software and then you have to have some tests to standardize. If that device is okay, so, for example, you can have bring your device policy. But you say Okay, this device has to have TPM on it.
DPM 2.0 Andre 50 p. M. Trip is there, then it's OK, then you can continue
on, then. After that, you have to do by a settings in hard drive encryption. So if
just the simple thing is, for example, to set to the bias password
now, bias password is something that you cannot set previously because okay, on some some some software management tools for some wonders allow you to automatically set bias
with that tool on that device. But you cannot do it by just loading the new image on the hard drive in your low in image and hard driver. Haven't done anything, but at that point, because you have you have to have touch on the on the physical PC. You can do the BIOS settings,
and you can set to the hardware encryption progress or just
what it happened when the user turns the PC for the first time.
The second thing is for devices returning for the service, and this works both for PCs and printing devices. So regardless off type of one point,
uh, this is the procedure that should be set up, so you have to check the BIOS settings. So if the device was Ah repaired and the mother board was replaced on a PC or for mature board or a rendering board on on a printer
and then some settings off. The BIOS on a PC or embedded Web server have been reset to factory defaults, for example. There is no password, so somebody has to physically track it.
Then, if the hard drive has been replaced, or it will if it was encrypted hard drive and the mother board on the PC was replaced or the hard drive on the printing device was replaced. Whatever you have to.
If it's possible, do wiping load. Or do the provisioning so basically installed the version off operating system with all the applications that is standard in the same way that it is being done on the new PC that is brought into fleet, you have to set hardware encryption. You have to do by settings on the PC or
to do embedded Web server settings on printing the rice,
and you have to do standard check and standard check is something that has to be done essentially in a way that you at least check some defensive capabilities off. Operating system is everything up to date, and you also have to do the
check off anti virus. Is it up to date?
So these things might not be
so. You don't allow the rights to go into use inside the company if you haven't gone through standard checking process and see OK is the anti wires their latest version has. It hasn't been updated, have all the Windows security updates being installed, and so on, so on. So whatever
after that, you can put device back in the action.
So this is all about processes that you need to know. Of course, if you in your company, have. If you are, you start working in a job that involves defining these policies. You have to talk to people in business groups in verticals inside the company and ask them how
they want things to be done in, so that you are not missing something from the security standpoint.
Now, at the end of this lesson, let's do a Shortland check. The question is what it doesn't need to be performed when setting up the new device isn't to Dubai settings. Is it to the driver installation or is it to turn on a hard drive encryption,
and the answer is driver installation. So driver installation should be essentially on your image or doing done during provisioning, because if you're doing the provisioning than the drivers essentially installed with the device says it comes from the service or on from them.
It's get comes with the operating system, but the BIOS, settings and HD encryption is something you have to do by yourself.
So in this video you have learned about managing to important processes and in next lesson, I'm just going to do short rake up off this whole section that was talking about management and control off endpoint devices.