Security Management Guide (G06.24+, H06.03+)
Concerns for the EDP Auditor
Security Management Guide—522283-008
User Knowledge of File Security
If users can control the security of their own files, determine whether they know how to
change the security of their files. If they are using Guardian security strings to secure
their files, they should be familiar with the FUP SECURE command and the
significance of the characters in the security string. If users rely on Safeguard access
control lists to protect their files, find out if they know how to use the SAFECOM
ALTER DISKFILE command to change the access control lists for their files.
If you discover inadequate knowledge of file security mechanisms, identify this as an
area for future training.
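The following Python sketch is an added example, not part of the HP guide. It decodes a four-character Guardian security string (read, write, execute, purge) and lists entries an auditor may want to question. The function names and the flagging policy (write or purge open to any user, remote access unless allowed) are assumptions chosen for illustration.

```python
# Added example: decode a Guardian security string and flag broad access.
# Character meanings follow the standard Guardian RWEP convention; the
# flagging policy below is an assumed audit policy, not one from the guide.
OPS = ("read", "write", "execute", "purge")
WHO = {
    "-": "local super ID only",
    "O": "owner, local",
    "G": "owner's group, local",
    "A": "any user, local",
    "U": "owner, local or remote",
    "C": "owner's group, local or remote",
    "N": "any user, local or remote",
}
REMOTE = set("UCN")   # characters that also admit remote (network) access
ANYONE = set("AN")    # characters that admit every user


def decode(sec):
    """Return {operation: character} for a string such as "NUNU"."""
    s = sec.strip().strip('"').upper()
    if len(s) != 4 or any(c not in WHO for c in s):
        raise ValueError("not a valid security string: %r" % sec)
    return dict(zip(OPS, s))


def findings(sec, allow_remote=False):
    """List the operations whose setting is broader than the assumed policy."""
    out = []
    for op, c in decode(sec).items():
        if op in ("write", "purge") and c in ANYONE:
            out.append("%s: open to %s" % (op, WHO[c]))
        elif c in REMOTE and not allow_remote:
            out.append("%s: remote access allowed (%s)" % (op, WHO[c]))
    return out


if __name__ == "__main__":
    # Constructed sample strings, not taken from any real system.
    for sample in ("NUNU", "AAAA", "OOOO", "GO-O"):
        print(sample, decode(sample), findings(sample))
```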
CLEARONPURGE
Unless your security policy specifically prohibits it, set CLEARONPURGE for all
sensitive files. If a file has a Safeguard protection record, issue the following command
to check the CLEARONPURGE setting:
8> SAFECOM INFO DISKFILE filename, DETAIL
If a file does not have a Safeguard protection record, issue the following command to
check for CLEARONPURGE:
9> FUP INFO filename, DETAIL
Licensed Programs
Obtain a listing of all licensed programs by using the DSAP program. For example, to
obtain a listing of all licensed files on the $SYSTEM volume:
10> DSAP /out $S/ $system, LICENSED, DETAIL
Use PERUSE to check the output of the DSAP program.
Determine if the licensed programs are HP programs. If they are not, review the
documentation for these programs. Licensed programs should be authorized and fully
supported by your technical support organization.
As mentioned in Section 2, Guardian System Security, the DIVER program should
never be licensed.
Only the super ID can license programs.
PROGID Programs
Obtain a listing of all PROGID programs using the DSAP program as you did for
licensed programs. This command produces a listing of all PROGID files on the
$SYSTEM volume:
11> DSAP /out $S/ $system, PROGID, DETAIL