Well, I made it!  It was a little more difficult than I had anticipated, but worth it.  Now I just have to build up from here on out.  Thinking of taking the CPT or other security cert. out there.

Hi I wasn't sure if I should post this topic here, but in any case I was wondering if anyone has any recommendations on an Encryption software suite to do it all - encryption/decryption, pwd mgmt, usb encryption etc.  I just don't want to break the bank so to speak.  I'd like for it to be affordable but I might be asking for too much already.  We're a small shop of about 100 employees but I may not need to encrypt everyone's system just those that deal with sensitive/confidential data.  From what I read I like the GuardianEdge software but I don't know how much this costs.

Thank you.

I really like NAP idea and will do some investigating - thank you.  I hope it doesn't require us to be full 2008 Domain Controllers as we still have some mixed (older systems) of 2003 and we're trying to get rid of the last few 2000 servers.

The keywords when it comes to HIPAA is reasonable and appropriate.  If it is not reasonable to train a temporary employee that only stays with you for one day then training shouldn't be a requirement for those employees.

When an employee is given the test is there an acknowledgment form that is signed by them and returned to HR or the security office?  You may want to consider creating a 1 page document that simply covers Compliance, Security and Privacy in very general terms (Ex. employees should not... based on XYZ Policy) and have temp employees read and sign that form for documentation purposes so that you can prove that you are doing your due diligence if it came to that.

Thanks for all the suggestions and tips...  In our case, we're a smaller company and it's usually about a handful of individuals (including an upper mgmt user) particularly engineers that use their personal laptops.  They complain that the systems that are company provided are too slow for their needs and get much more done with their own computers.  I'm definately going to take your advise to see if something can be done to enhance security.  Thanks again.

Hi guys,

I was wondering what others are doing when individuals bring in their personal laptops to the corporate network.  Personally I would like to prevent this altogether, but we also provide users with VPN access and so those that simply bring their laptops in think what is the difference between connecting to the corporate network and going in through VPN.  I'm faced with a double-edged sword so I was wondering if there were any opinions on this topic.

Thanks for your help!

Thanks for the information everyone.  This will definately help me out.

Congrats, I hope to do the same soon!

Hi there, I could use some guidance on this as well.  By chance, is there some template that can be followed, any help is very much appreciated...

Thank you,

-J