Introduction to NonStop Operations Management
Security Management
Introduction to NonStop Operations Management–125507
carefully screening all who request materials, allowing access to approved persons only,
and creating explicit hand-over procedures between the storage-area staff (especially
staff on contract) and your staff.
Data Encryption
If you cannot provide physical security for data, consider encrypting it so that
intruders cannot easily access it. For example, tapes sent through the mail, disks
that are transported, and communications lines that can be tapped all provide points of
access to data. Consider encrypting all data transported in these ways.
Managing Access to the System
Users must have an ID to access a system. User IDs can be very powerful tools and are
the items most commonly under attack when an intruder is trying to penetrate a system.
Therefore, it is important that your security policy provide guidelines for the operations
staff regarding:
• User groups
• Access-control lists
• Adding user IDs
• Assigning user aliases
• Special group IDs
• Guest-user IDs
• Unused IDs
• Deleting user IDs
• Reusing user IDs
User Groups
Belonging to a user group gives the group member the right to access objects (such as
files and processes) that are secured for group access. Deciding how classes of users
need to share files is a major requirement for developing a strategy for group
assignment.
Two common ways of assigning groups are to:
• Assign groups by function: create distinct groups for system programmers,
  application programmers, quality-assurance testers, administrative assistants,
  technical writers, and data-entry clerks.
• Assign groups by project: create a group for each project and assign user names
  within that group for all designers, testers, and other project people. Managing this
  approach can be difficult when people work on more than one project, switch from
  one project to another, or don’t belong to one project (for example, department
  administrators).
The Safeguard Administrator’s Manual contains information on defining and managing
user groups.