ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvfaq.htm

167 lines
11 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Frequently asked questions" />
<meta name="abstract" content="These are common questions about setting up and using system security." />
<meta name="description" content="These are common questions about setting up and using system security." />
<meta name="DC.Relation" scheme="URI" content="rzamvplansec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="faq" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Frequently asked questions</title>
</head>
<body id="faq"><a name="faq"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Frequently asked questions</h1>
<div><p>These are common questions about setting up and using system security.</p>
<div class="section" id="faq__faqquestionsoften"><a name="faq__faqquestionsoften"><!-- --></a><h4 class="sectionscenariobar">Questions
that customers often ask</h4><div class="p">Administrators and security officers are
faced with a wide variety of options and solutions for protecting the systems
that they manage. All of these potential solutions can be confusing and daunting;
however, good system security involves understanding your basic security needs
and the role that security plays within your company. To understand the value
of security for your company and its systems, you should know what security
means to you at its most basic level.<ol><li><strong>Why is security important? </strong><p><strong>Answer:</strong> The information stored
on your system is one of your most important business assets. This sensitive
information can be customer accounts, payroll statements, and financial statements.
You must balance the need for protecting this information with the need to
allow your employees access to complete their job responsibilities. You need
to keep three important objectives in mind when determining how to protect
your information assets: </p>
<div class="p"><ul><li><strong>Confidentiality:</strong> Good security measures can prevent people from
seeing and disclosing confidential information. On your systems, what information
do you consider confidential, which only a few select individuals can see
and maintain?</li>
<li><strong>Integrity:</strong> To some extent, a well-designed security system can
ensure the accuracy of the information on your computer. With the right security,
you can prevent unauthorized changes or deletions of data. </li>
<li><strong>Availability:</strong> If someone accidentally or intentionally damages
data on your system, you cannot access those resources until you recover them.
A good security system can prevent this kind of damage.<p> When people think
about system security, they usually think about protecting their system from
people outside the company, such as business rivals. Actually, protection
against curiosity or system accidents by proper users is often the greatest
benefit of a well-designed security system. In a system without good security
features, a user might unintentionally delete an important file. A well-designed
security system helps prevent this type of accident. </p>
</li>
</ul>
</div>
</li>
<li><strong>Who should be responsible for security on my system?</strong><div class="p"><strong>Answer:</strong> Different
companies take different approaches to security. Sometimes programmers have
responsibility for all aspects of security. In other cases, the person who
manages the system is also in charge of security. To determine who should
be responsible for security on your system or systems, consider the suggested
approach of: <ul><li>Your method of planning security depends on whether your
company purchases or develops applications. If you develop your own applications,
communicate your security needs during the development process. If you purchase
applications, understand and work with the application designer. In both cases,
the people who design applications should consider security as part of the
design. </li>
<li>Your method of planning resource security depends on whether your company
purchases or develops applications. If you develop your own applications,
communicate your resource security needs during the development process. If
you purchase applications, understand and work with the application designer.
In both cases, the people who design applications should consider security
as part of the design. </li>
</ul>
</div>
<p></p>
</li>
<li><strong>Why should I customize security on my system?</strong><p><strong>Answer:</strong> A
small system might have three to five users that run a few applications. A
large system might have thousands of users on a large communications network
running many applications. You have the opportunity to change many things
about how the system looks to your users and how it performs. </p>
<div class="p">When
your system first arrives, you probably will not need or want to do very much
customizing. IBM<sup>®</sup> ships
your system with initial settings, called defaults, for many options. These
defaults are the choices that usually work best for new installations. <div class="note"><span class="notetitle">Note:</span> All
new systems ship with a default security level of 40. This security level
ensures that only users who you have defined can use the system. It also prevents
potential integrity or security risks from programs that can circumvent security.</div>
</div>
<p>However,
if you do some customizing, you can make your system a simpler and more effective
tool for your users. For example, you can make sure that a user always gets
the correct menu when signing on. You can make sure that every user's reports
go to the right printer. Your users will feel that more confident about the
system if you do some initial customizing to make it look and feel like their
own system.</p>
</li>
</ol>
</div>
</div>
<div class="section" id="faq__faqquestionshould"><a name="faq__faqquestionshould"><!-- --></a><h4 class="sectionscenariobar">Questions
customers should ask themselves</h4><div class="p"><ol><li><strong>Have I clearly defined my company's business requirements?</strong><p><strong>Answer:</strong> To
plan and set up security on your systems effectively, you must first know
what your business requires to function effectively and efficiently. You need
to understand how your systems will be used within your company. For example,
systems that contain critical applications, such as databases that contain
your company accounts, would need higher level of security than systems used
for testing products within your company. </p>
</li>
<li><strong>What assets do I want to protect?</strong><p><strong>Answer:</strong> Your business
assets comprise not only the physical systems that you manage, but also the
data and information that is stored on them. To minimize theft and tampering,
you need to create an inventory of your systems and the information that they
store. </p>
<p>The amount of security you need depends on the type of information
stored on that system, the sensitivity of that information, and the consequences
to your business if that data is stolen or compromised. Understanding the
risks that your systems may face allows you to more effectively manage security
on your systems.</p>
</li>
<li><strong>Do I have a company policy regarding security?</strong><p><strong>Answer:</strong> A
security policy defines your company's requirements for protecting your company's
resources, responding security-related incidents, and conducting secure business
transactions with remote employees, business partners, and public customers.
This security policy should entail physical security of your systems, network
security issues, such as Internet access for employees, and measures for assessing
and monitoring security on your systems. Think of your security policy as
your foundation for all your security decisions. Your security policy needs
to reflect your core business values, but also be flexible enough to accommodate
future business demands.</p>
</li>
<li><strong>Do my employees have or need access to the Internet?</strong><p><strong>Answer:</strong> Today,
most companies see the need to allow employees access to the Internet to conduct
research and respond to customers related to daily operations of their businesses.
Whenever you connect your systems and users to the Internet, your internal
resources are at risk of an attack. To protect your network from these risks
that are associated with Internet use, you need to decide which network services
will be allowed, how users will connect to the Internet, and how network security
will be monitored in your network. Any decisions you make regarding the Internet
and its use needs to be clearly defined and communicated to employees within
your security policy. It is important to ensure that all your employees understand
and sign a compliance agreement with these policies. Although implementing
a network security policy is beyond the scope of this topic, you should include
information regarding network security in your overall security policy.</p>
</li>
</ol>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansec.htm" title="This topic collection provides you with detailed information about planning, setting up, and using your system security. This topic collection combines the information formerly in the Basic system security and planning topic collection and in the Tips and Tools for Securing Your iSeries manual.">Plan and set up system security</a></div>
</div>
</div>
</body>
</html>