Security Policies

     

A well-written data security policy is like a good disaster recovery policy: Everybody says and knows it's important, but only a few people actually implement it. Part of the reason people may be reluctant to write an official security policy is that they hope they never need it ”just like they hope they never need a disaster recovery policy. Most people realize they need it only after a problem has been discovered .

A security policy does not need to be very complicated. It should establish the following:

  • Procedures for users requesting access to resources

  • Procedures for granting users access to resources after the request is approved

  • Consequences for accessing unauthorized resources

In addition, if your Information Systems department has multiple levels of administrative authority, the security policy documentation should outline which groups have responsibility for which aspects of the network. In many organizations that implement such a written policy, the policy can be added to the Human Resources manuals or documentation.

It is also recommended that competency testing be implemented. This enables you to verify that people who have a certain level of administrative access know how to properly use their access to perform their job functions. Granting administrative authority of any kind to a resource on the network should be done only if you (or management) have confidence in the people assigned those tasks .

Now that we have covered the physical aspects of security, we can talk about logical, or software-based, security ”the security that is inherent in NDS.



Novell's Guide to Troubleshooting eDirectory
Novells Guide to Troubleshooting eDirectory
ISBN: 0789731460
EAN: 2147483647
Year: 2003
Pages: 173

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net