MITIGATION STRATEGIES
Touchpoint Pro
Pt. No. 2400M2567_1 8 Security Guide
5 Mitigation Strategies
The following mitigation strategies should be followed
5.1 Touchpoint Pro System
5.1.1 Monitor System Access
In addition to the security controls listed in paragraph 3.4, the TPPR has the following facilities which can be used to identify
unexpected configuration changes:
1. On Screen Warning
The TPPR system displays an on-screen warning when the configuration has been changed since the last backup.
The warning can only be cleared by a sufficiently authorised user backing up the system, or restoring a previous
backup. These operations can only be carried out locally at the TPPR controller.
2. Configuration Counter
TPPR maintains a configuration counter which is incremented when any configuration change is made. The
increment is variable. Any change indicates a configuration change.
The configuration counter is accessible from Tool box, Help
3. Last Login
The login name of the last logged in user may be viewed and checked if changes have been carried out.
The last login username is accessible from Tool box, Help
4. Event History and Log
All user logins and system operations are recorded in the event log and may be viewed on the event history screen or
by generating an event report.
The above should be routinely monitored and verified as part of system maintenance.
5.1.2 User Access and Passwords
Touchpoint Pro has three levels of user. Users at each level have unique usernames and passwords. Observe the following
good practice:
1. Ensure physical security of passwords. Avoid writing user names and passwords where they can be seen by
unauthorised personnel.
2. Set the minimum level of access for each user. Do not provide users with privileges they do not need.
3. Create a separate user name and password for each user. Avoid sharing of user names and passwords among
multiple users.
4. Ensure that users only log in using their own credentials.
5. Periodically audit user accounts and remove any that are no longer required.
6. Ensure that passwords and user credentials are regularly changed.
7. Create a new Administrator account with new credentials and delete the default Administrator user.
8. Minimise the number of Administrator level users. The recommended number is two.
To Next Page
Loading...
Need help?
General
