Security Management Guide (G06.24+, H06.03+)
Security Management Guide—522283-008
1 Introduction
Security is more than just system controls. Security for your site should also include
user training, security procedures customized for each department, and physical
controls if necessary. A security policy should guide all of the security-relevant
activities of your organization.
This section provides guidelines to help you develop a security policy and security
procedures. It also introduces extended security features provided by the Safeguard
software.
Security Policy and Procedures
Throughout this manual, you will see references to your security policy. A security
policy is usually a high-level statement of the security goals of an organization.
Because security depends on the cooperation of all users, everyone must be made
aware of the security policy and what they must do to comply with it.
Equally important is management support for the security policy. Management must
take security seriously and continually support the policy; otherwise, the user
community might eventually lose respect for the security practices they are expected to
follow.
Although this manual cannot define what your policy should be, it provides you with
two policies as examples. For more information, see Appendix A, Sample Policies.
From your policy, you should develop specific security procedures that govern the
operation of any departments that handle sensitive information.
Some examples of security procedures you should develop include:
• Installation procedures for system and application software.
• Procedures for adding and removing users from the system.
• Procedures governing the actions of privileged users, including control of their passwords.
• Password management procedures. For example, procedures should be written to govern how passwords are assigned, what constitutes a valid password, and when passwords should be changed.
• Procedures for developers to follow regarding the security of applications and utilities.
Additionally, you should develop programs for training the user community about
security. Members of the security and operations staff should receive specialized
training regarding their specific roles.