DSS05.03 Manage endpoint security.

Ensure that endpoints (e.g., laptop, desktop, server, and other mobile and
network devices or software) are secured at a level that is equal to or
greater than the defined security requirements of the information
processed, stored or transmitted.
Input
APO03.02 Define reference architecture.
The reference architecture describes the current and target architectures for the business,
information, data, application and technology domains.
- Model
APO09.03 Define and prepare service agreements.
Define and prepare service agreements based on the options in the service catalogues. Include
internal operational agreements.
- OLAs
- SLAs
BAI09.01 Identify and record current assets.
Maintain an up-to-date and accurate record of all IT assets required to deliver services and
ensure alignment with configuration management and financial management.
- Physical inventory checks Result
DSS06.06 Secure information assets.
Secure information assets accessible by the business through approved methods, including
information in electronic form (such as methods that create new assets in any form, portable
media devices, user applications and storage devices), information in physical form (such as
source documents or output reports) and information during transit. This benefits the business
by providing end-to-end safeguarding of information.
- Violation Reports

Output
APO01.04 Communicate management objectives and direction.
Communicate awareness and understanding of IT objectives and direction to appropriate
stakeholders and users throughout the enterprise.
- Security policies for endpoint device
Activity
1. Configure operating systems in a secure manner.
- how do we configure an OS? configure yang seperti apa ini maksudnya?
- secure manner? ambigu. berdasarkan apa sesuatu dapat dinilai "seccure manner"? apakah
yang penting cuman melakukan sesuatu sesuai "manner" yang ditetapkan dalam standard
operation nya sudah bisa dibilang secure? atau gimana?

2. Implement device lockdown mechanisms.

- something like deepfreeze maybe?

3. Encrypt information in storage according to its classification.

- basically it's about data management system

4. Manage remote access and control.

- is it talking about the access permission of the end user? read, write, modified, etc"?
- control as in, what? the control given to the said user or what?

5. Manage network configuration in a secure manner.

- again, secure manner, ambigu.
- i guess network configuration as in the topology, dns, and so on and so forth (pak taufiq,
jarkom)

6. Implement network traffic filtering on endpoint devices.

- firewall?

7. Protect system integrity.

- integrity as in protecting what should be there (software and other essential data) and what
shouln't be there (document and virus) i guess
- win. defender, antivirus, and deepfreeze should do the job just fine

8. Provide physical protection of endpoint devices.

- just make some regulations, rules, and code of conduct on how to safely and securely use
the device.
- no protection could stop human hand if the want to break something, so just regular
protection and rules on how to use the device should do the trics

9. Dispose of endpoint devices securely.

- inget" cerita pak taufiq, pak indra, dan pak kartono.
- clue, dumpster diving. how to "not" do that