User's Manual

Solaris 9 Security CX-310-301
• The procedure to follow in the event of a security breach
• Any special dispensation procedures, for example, to allow rapid deployment of a system or application before being fully accredited to the policy
• References to Data Protection legislation and how the policy complies with the legal requirements
Physical Security
This describes the physical security measures that must be taken to protect the assets described in the policy
and must include the following:
• Location of the asset
• Access to the asset during normal working hours and, if access is permitted out of hours, what special measures are taken
• Emergency procedures
• Any special access methods, such as swipe cards, keys and so on
• Any theft prevention methods, such as asset tagging, secure fixings and so on
Platform Security
Platform security relates to the entire platform (PC or Unix, for example) and details the procedures that
must be followed to implement a server for the designated platform. Of particular interest is the use of any
authentication modules that need to be applied, or the delegation of administrator functions to other user
accounts (roles and sudo, for example).
Network Security
This aspect is primarily concerned with protecting the company’s data whilst it is being transferred from
one system to another, i.e. on the network. The network security section should include details of network
protection mechanisms and devices:
• Firewalls
• Virtual Private Networks (VPN)
• Routers
• Encryption methods used
• Any intrusion prevention mechanisms used
• Any authentication mechanisms used, such as single sign-on applications like Sun Enterprise Authentication Mechanism (SEAM)