HP 3000 Manuals

Security Policy [ Manager's Guide to MPE/iX Security ] MPE/iX 5.0 Documentation

Manager's Guide to MPE/iX Security

Security Policy 

A computer security policy is a set of laws, rules, and practices that
regulate how an organization manages, protects, and distributes sensitive
information.

A security policy will cover the following aspects of computer
operations:

   *   Types of facilities in which systems can be located.

   *   Who is allowed physical access to the system.

   *   Who is allowed to log on to the system.

   *   What audit records are to be logged.

   *   Types of permissible access to files.

   *   Types of permissible access to devices.

   *   Which security features will be enabled (for example):

          *   Use of ACDs to protect files and devices.

          *   Passwords required.

          *   Embedded passwords in jobs not allowed.

This list is not intended to be a comprehensive statement of a security
policy, but a guide to what should be included in your security policy.
Current and new users must be made familiar with the guideline and
indoctrinated in its use.  Periodic reinforcement of the message is a
must to assure continuing compliance with the policy and its updates.

MPE/iX 5.0 Documentation