Introduction to NonStop Operations Management

Security Management
Introduction to NonStop Operations Management 125507
Security Guidelines
Your security policy might range from permissive to restrictive. Initially, it is most
helpful to use a somewhat restrictive approach, because it is difficult to tighten security
practices once users become accustomed to a permissive approach.
Security concepts that can guide your security policy are:
Least privilege
Baseline security
Least Privilege
Least privilege dictates that users access the system only when they need to. You might
initially provide insufficient access for some people to get their jobs done, but you can
correct this matter by granting access as needed. This approach is preferable to allowing
unwarranted access, which might become impossible to correct and which might cause
serious damage to your company.
Baseline Security
Baseline security is the minimal level of security your organization is committed to
providing. You can base the level of protection on what is done in organizations similar
to yours. Some experts recommend this approach because of its use as a defense in legal
proceedings resulting from a break-in. (Proof might be necessary that prudent protection
was provided; policies comparable to other similar operations could be essential to such
proof.)
Security Is a People Problem
Effective security depends on the commitment of management, the staff, and users.
Without this commitment, people tend to select convenience at the expense of security,
and so make computer operations vulnerable. Intruders use this situation to their
advantage. For example, even so simple a convenience as not logging off when away
from a terminal can provide the opportunity an intruder needs to break into a system.
Management Support
Your management must be convinced of the importance of security and should openly
support security policy. Management should also assume responsibility for enforcing
whatever security policy is adopted. Usually, a corporate security officer ensures that a
security policy is developed and implemented and that users are trained.