Security Management Guide (G06.24+, H06.03+)

Introduction
Security Management Guide 522283-008
Consider these practices and concepts when developing security programs and
procedures for your site:
Least privilege access
Segregation of duties
Proper physical security
Security practice review
Least Privilege
Least privilege dictates that each user's access to the system be limited to what that
user needs. Using this restrictive approach, you might not initially provide sufficient
access for some people to get their jobs done, but you can correct this by granting
access as needed. This approach is better than allowing unwarranted access, which can
become impossible to correct and result in serious consequences for your organization.
Segregation of Duties
Everyone’s role in regard to security should be well defined. Define who is responsible
for adding and controlling user IDs, user aliases, and file-sharing groups; for controlling
system objects; and for auditing security-relevant events. This practice is called
segregation of duties.
Restrict security-relevant tasks to members of the security staff. For example, do not
allow members of the technical support staff to have security-relevant authorities.
Proper Physical Security
Sensitive information should be stored in locked areas. Maintain a database of
everyone who is allowed access to an area, including what each user is allowed to
access. Users should be granted access only if they have a genuine need for the
information. Keep a log of everyone who enters secure areas.
Decide on a method for controlling access to secured areas. For example, consider
electronic card readers, escorts, or security guards.
For more information, see Suggested Reading on page xiv.
Security Practice Review
Your organization’s auditors should be able to produce evidence that the security
procedures of your organization are being followed. For more information, see
Section 8, Concerns for the EDP Auditor. Many commercially available texts also
provide information about this topic. For more information, see Suggested Reading on
page xiv.