Team 2,
Your policy is concise, succinct and well written. Visually, it is a very clean read and the use of white space really helps. The manner in which you refer and point to other policies and sites (xyz.com/RAS) was sensible and appropriate. Overall, you had the key elements needed for a remote access policy with the temperate amount of granular detail. My only suggestion would be to specify the frequency that your policy is reviewed.
Your video and pptx. are nice complements to the policy. It clearly calls out what the policy covers, who is responsible, why it is important and the consequences if it is not appropriately handled. The demo of how to log into the VPN was a great addition as well. Really well done!
I agree completely. The video especially felt like a “true” training video.
One suggestion that I’ve seen made for other groups, that I think would also work well here, is to think about a “training completion certificate”. This artifact will likely help for the Audit Project that’s coming up.
Great job.
Good job on the policy! Your policy really helps someone see the layered nature of security. At the end of the policy, the list of related policies and procedures is comprehensive and shows how different information and resources are both applicable and necessary for adhering to the remote access policy.
The definitions section was a good addition for clarifying to readers the different elements of remote access such as intranet, extranet, and VPN.
You clarify key questions in your presentation and video which users will appreciate having answers to.
Team 2, I found your Remote Access Policy to be written with great detail, particularly the policy requirements. The video does a great job with complementing/enforcing the written portion of the policy, and the two VPN demos are great visuals. This policy would be beneficial for any employee to reference. Great Job.
I thought the policy was well written and formatted very well. The video was really good especially at the end where it shows you the procedures for accessing the RCG remotely. Besides reading the policy I believe some people are visual learners and seeing that video would be a big help. I do have a question; how could you detect if somebody was violating the RCG remote access policy by doing a walkthrough?
Team 2,
I thought your company presented a very good amount of information on your Remote Access policy. I thought with this level of information new employees or other external users (i.e. vendors, contractors, etc.) without any prior knowledge on remote access will be perfectly brought up to speed. Your presentation/training video, I thought in particular was very informative and demonstrative on remote access/VPN – this way employees can know exactly what is expected of them. The only thing I found slightly odd was that your Remote Consulting Group company allows “personally owned computers” and “personally owned computing devices” to remotely access its corporate networks. I understand that such devices must meet the standards/requirements of “RCG-owned equipment for remote access” before being used, however I would imagine most companies that aim to reduce the risk of sensitive information/data leaks shouldn’t allow any non-corporate (non-RCG) device to remotely access their corporate network, period. Reading through the compliance section of your policy, I also thought it will be extremely difficult to implement (or at least accurately implement) some of the control measures listed on your policy to personally owned computers/computing devices. The fact that your company mandates using a two-factor authentication mechanism to remotely access its networks should be a reason not to allow personally owned computers in my opinion.
I like the demo, which is useful for the company and training. First of all, not all employees know computers well. Thus, giving a demo can help them learn it as soon as possible, which saves much time. Then, it can reduce the risk. If we do not give a demo to tell employees how to do this, they will try any methods to run it. They may make mistakes or use it in a wrong way, which makes a hidden risk. However, in the video, there is a long time that we just watch the desktop without any action. Maybe you can add some explanatory text or something to fill it.
For the document, I like the seventh part of the document and that you mention them in the policy, which gives employees some information about what policies they should look at to help them understand this policy. It is really helpful because this policy has a lot to connect with other documents. If we do not tell employees where they can find these documents, they may spend much time searching for them or give up finding them. However, I have a question: for the “time-out” system, is this system set by the users or by the program?
A detailed and nicely written policy and video\ppt to accompany it. I like that the video had a demo of accessing RCG via VPN. The policy in a way became a user guide, which I think is beneficial. There were lots of requirements which were clearly stated and explained. And section 6 was a good index of definitions; this with the demo video is a “how to start” guide in understanding the policy and principles behind them. Great job!