Many will considered this to be a dead topic, especially when there are numerous articles extorting the virtues of technology solutions or that nothing is infallible, especially when we have young employees who use computers with careless efficiency. However, there are a few fundamental controls that will pay heaps of dividends if we do it right, yeah, the right thing:
1. No local administrative rights for end-users.
2. USB port and removable device lockdown for write access, including in-built flash media reader.
3. Lockdown of BIOS system and security configuration - BIOS administrative password required.
4. Enabled TLM Chip with Drivelock capability if the computer supports it.
5.
