167 lines
11 KiB
HTML
167 lines
11 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="reference" />
|
||
|
<meta name="DC.Title" content="Frequently asked questions" />
|
||
|
<meta name="abstract" content="These are common questions about setting up and using system security." />
|
||
|
<meta name="description" content="These are common questions about setting up and using system security." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvplansec.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="faq" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Frequently asked questions</title>
|
||
|
</head>
|
||
|
<body id="faq"><a name="faq"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Frequently asked questions</h1>
|
||
|
<div><p>These are common questions about setting up and using system security.</p>
|
||
|
<div class="section" id="faq__faqquestionsoften"><a name="faq__faqquestionsoften"><!-- --></a><h4 class="sectionscenariobar">Questions
|
||
|
that customers often ask</h4><div class="p">Administrators and security officers are
|
||
|
faced with a wide variety of options and solutions for protecting the systems
|
||
|
that they manage. All of these potential solutions can be confusing and daunting;
|
||
|
however, good system security involves understanding your basic security needs
|
||
|
and the role that security plays within your company. To understand the value
|
||
|
of security for your company and its systems, you should know what security
|
||
|
means to you at its most basic level.<ol><li><strong>Why is security important? </strong><p><strong>Answer:</strong> The information stored
|
||
|
on your system is one of your most important business assets. This sensitive
|
||
|
information can be customer accounts, payroll statements, and financial statements.
|
||
|
You must balance the need for protecting this information with the need to
|
||
|
allow your employees access to complete their job responsibilities. You need
|
||
|
to keep three important objectives in mind when determining how to protect
|
||
|
your information assets: </p>
|
||
|
<div class="p"><ul><li><strong>Confidentiality:</strong> Good security measures can prevent people from
|
||
|
seeing and disclosing confidential information. On your systems, what information
|
||
|
do you consider confidential, which only a few select individuals can see
|
||
|
and maintain?</li>
|
||
|
<li><strong>Integrity:</strong> To some extent, a well-designed security system can
|
||
|
ensure the accuracy of the information on your computer. With the right security,
|
||
|
you can prevent unauthorized changes or deletions of data. </li>
|
||
|
<li><strong>Availability:</strong> If someone accidentally or intentionally damages
|
||
|
data on your system, you cannot access those resources until you recover them.
|
||
|
A good security system can prevent this kind of damage.<p> When people think
|
||
|
about system security, they usually think about protecting their system from
|
||
|
people outside the company, such as business rivals. Actually, protection
|
||
|
against curiosity or system accidents by proper users is often the greatest
|
||
|
benefit of a well-designed security system. In a system without good security
|
||
|
features, a user might unintentionally delete an important file. A well-designed
|
||
|
security system helps prevent this type of accident. </p>
|
||
|
</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
</li>
|
||
|
<li><strong>Who should be responsible for security on my system?</strong><div class="p"><strong>Answer:</strong> Different
|
||
|
companies take different approaches to security. Sometimes programmers have
|
||
|
responsibility for all aspects of security. In other cases, the person who
|
||
|
manages the system is also in charge of security. To determine who should
|
||
|
be responsible for security on your system or systems, consider the suggested
|
||
|
approach of: <ul><li>Your method of planning security depends on whether your
|
||
|
company purchases or develops applications. If you develop your own applications,
|
||
|
communicate your security needs during the development process. If you purchase
|
||
|
applications, understand and work with the application designer. In both cases,
|
||
|
the people who design applications should consider security as part of the
|
||
|
design. </li>
|
||
|
<li>Your method of planning resource security depends on whether your company
|
||
|
purchases or develops applications. If you develop your own applications,
|
||
|
communicate your resource security needs during the development process. If
|
||
|
you purchase applications, understand and work with the application designer.
|
||
|
In both cases, the people who design applications should consider security
|
||
|
as part of the design. </li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<p></p>
|
||
|
</li>
|
||
|
<li><strong>Why should I customize security on my system?</strong><p><strong>Answer:</strong> A
|
||
|
small system might have three to five users that run a few applications. A
|
||
|
large system might have thousands of users on a large communications network
|
||
|
running many applications. You have the opportunity to change many things
|
||
|
about how the system looks to your users and how it performs. </p>
|
||
|
<div class="p">When
|
||
|
your system first arrives, you probably will not need or want to do very much
|
||
|
customizing. IBM<sup>®</sup> ships
|
||
|
your system with initial settings, called defaults, for many options. These
|
||
|
defaults are the choices that usually work best for new installations. <div class="note"><span class="notetitle">Note:</span> All
|
||
|
new systems ship with a default security level of 40. This security level
|
||
|
ensures that only users who you have defined can use the system. It also prevents
|
||
|
potential integrity or security risks from programs that can circumvent security.</div>
|
||
|
</div>
|
||
|
<p>However,
|
||
|
if you do some customizing, you can make your system a simpler and more effective
|
||
|
tool for your users. For example, you can make sure that a user always gets
|
||
|
the correct menu when signing on. You can make sure that every user's reports
|
||
|
go to the right printer. Your users will feel that more confident about the
|
||
|
system if you do some initial customizing to make it look and feel like their
|
||
|
own system.</p>
|
||
|
</li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div class="section" id="faq__faqquestionshould"><a name="faq__faqquestionshould"><!-- --></a><h4 class="sectionscenariobar">Questions
|
||
|
customers should ask themselves</h4><div class="p"><ol><li><strong>Have I clearly defined my company's business requirements?</strong><p><strong>Answer:</strong> To
|
||
|
plan and set up security on your systems effectively, you must first know
|
||
|
what your business requires to function effectively and efficiently. You need
|
||
|
to understand how your systems will be used within your company. For example,
|
||
|
systems that contain critical applications, such as databases that contain
|
||
|
your company accounts, would need higher level of security than systems used
|
||
|
for testing products within your company. </p>
|
||
|
</li>
|
||
|
<li><strong>What assets do I want to protect?</strong><p><strong>Answer:</strong> Your business
|
||
|
assets comprise not only the physical systems that you manage, but also the
|
||
|
data and information that is stored on them. To minimize theft and tampering,
|
||
|
you need to create an inventory of your systems and the information that they
|
||
|
store. </p>
|
||
|
<p>The amount of security you need depends on the type of information
|
||
|
stored on that system, the sensitivity of that information, and the consequences
|
||
|
to your business if that data is stolen or compromised. Understanding the
|
||
|
risks that your systems may face allows you to more effectively manage security
|
||
|
on your systems.</p>
|
||
|
</li>
|
||
|
<li><strong>Do I have a company policy regarding security?</strong><p><strong>Answer:</strong> A
|
||
|
security policy defines your company's requirements for protecting your company's
|
||
|
resources, responding security-related incidents, and conducting secure business
|
||
|
transactions with remote employees, business partners, and public customers.
|
||
|
This security policy should entail physical security of your systems, network
|
||
|
security issues, such as Internet access for employees, and measures for assessing
|
||
|
and monitoring security on your systems. Think of your security policy as
|
||
|
your foundation for all your security decisions. Your security policy needs
|
||
|
to reflect your core business values, but also be flexible enough to accommodate
|
||
|
future business demands.</p>
|
||
|
</li>
|
||
|
<li><strong>Do my employees have or need access to the Internet?</strong><p><strong>Answer:</strong> Today,
|
||
|
most companies see the need to allow employees access to the Internet to conduct
|
||
|
research and respond to customers related to daily operations of their businesses.
|
||
|
Whenever you connect your systems and users to the Internet, your internal
|
||
|
resources are at risk of an attack. To protect your network from these risks
|
||
|
that are associated with Internet use, you need to decide which network services
|
||
|
will be allowed, how users will connect to the Internet, and how network security
|
||
|
will be monitored in your network. Any decisions you make regarding the Internet
|
||
|
and its use needs to be clearly defined and communicated to employees within
|
||
|
your security policy. It is important to ensure that all your employees understand
|
||
|
and sign a compliance agreement with these policies. Although implementing
|
||
|
a network security policy is beyond the scope of this topic, you should include
|
||
|
information regarding network security in your overall security policy.</p>
|
||
|
</li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansec.htm" title="This topic collection provides you with detailed information about planning, setting up, and using your system security. This topic collection combines the information formerly in the Basic system security and planning topic collection and in the Tips and Tools for Securing Your iSeries manual.">Plan and set up system security</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|