This particular strategic issue constitutes most of the tasks usually associated with implementing security and consequently occupies the largest portion of this book. If that means using both group profiles and authorization lists, go right ahead. Since thieves started to steal databases, the classification of these identification numbers has been upgraded to restrict access and more tightly control their use. To launch App Admin, right-click on the system name in i Navigator and choose Application Administration. Although these disruptions are typically accidental, malicious attacks can also occur. Although limited profile sharing may be acceptable for a specific application, as a rule system integrity requires you to prevent profile sharing. I often see users authorize group profiles to an authorization list.
Your security implementation will certainly need to address the threat from disgruntled employees and hackers. Access is configured the same way as in the System i Navigator and Client Application tabs. Having an up-to-date and enforceable security policy lets you implement a security scheme confidently and provides a clear pathway for resolving issues. To maintain a security implementation, you must proactively monitor the compliance of your security implementation as well as review the security-related events that take place on your system each day. Getting Started The hardest part of implementing a sound security scheme is getting started. To replicate this setting to other features, right-click on the customized line and choose Copy Access Settings.
Securing private data is a vital aspect of keeping private data private. And you need to establish and carry out security auditing procedures. In other words, little if any overlap should exist in the classification definitions. Because your security requirements, as well as pieces of the system e. These measures can include Badge readers Cipher locks on critical areas e.
In addition, you have to make sure that, amidst the chaos of change, you can effectively and efficiently administer the security of the system. Granting a private authority to a multi-member file can literally add hundreds of entries both user profiles. Your policy will document who is responsible for such decisions so that conflicts can be resolved. Written in a clear, jargon-free style, this book covers topics such as system security levels, user profiles, service tools, encryption, auditing, compliance, and incident response. The production environment on your systems must be stable except for planned changes made using some type of change management system. The only way to determine whether your implementation is working is to check the compliance of the current system settings against your security policy and continue to do so on an ongoing basis.
Readers purchased and read the book because they believed in that principle and wanted to learn more. The message here is that you should use whichever tool or tools make your job easier. Data owners need to know the regulatory requirements for their data; if no requirements exist, they should base the retention period on the needs of the business. But you should first develop a security policy; then concentrate on simple security basics, which can prevent accidents and employees from damaging the system, and a good business contingency plan, which can reduce the effects of a natural disaster or other form of site loss or system outage. However, security cannot enforce a policy of acceptable uses of the private data once that data has been collected or viewed.
Recent exploits should have you considering whether email addresses should be reclassified as well. Not all systems need to be locked down like Fort Knox. The individual who owns the data should decide the classification under which the data falls. Written in a clear, jargon-free style, this book explains the importance of developing a security policy and gives detailed guidance on how to implement and maintain such a system. Technical Note The operating system that is the subject of this book has undergone several name changes throughout its history. The author's methodology for implementing security is described in great detail, focusing on compliance with stated policies and procedures within an organization. All administrators are pressed for time.
Evaluating the Threats What types of problems pose the greatest threat to your information security plan and implementation? A lot of energy is expended, but not much is accomplished. These two scenarios illustrate the importance of the integrity and accuracy of your programs and data. How am I going to do that? For one thing, many laws and regulations require them. Also, it is helpful to use a term for the title of the classification that indicates the type of data that falls into the particular category. Integrity Information security also addresses the integrity of your applications and data. Her latest book, is a now available.
Aside from taking a hammer to your hard drives, there used to be no way to ensure your data could not be recovered. Evaluating Your Risks Your security strategy and implementation must take into account the potential for a security breach — whether accidental or intentional — that could result in the disclosure, modification, or deletion of your information assets. If your organization can implement security best practices, not only will you comply with most current laws and regulations, but you will be in a position to comply with future laws and regulations, or at least not have a difficult time coming into compliance. Others have data that only a few people should be able to see. Data Ownership In addition to classifying data, an organization needs to assign an owner. What would the cost be if this data were lost or stolen? Organizations that have addressed security as a business function for many years tend to have mature — that is, very comprehensive — security policies.
Whether the data needs to be encrypted — Data owners must decide whether their data needs to be encrypted. For information about writing a security policy, see Chapter 2. There are no hard and fast rules about the titles and number of data classifications. Finally, buy-in from the highest levels of management on your security policy is critical to its successful implementation and enforcement. Tip 1 explains how to configure Application Administration access controls.