In addition to the base security controls, it is strongly recommended that all information resources (data, programs) owners carefully evaluate the additional controls listed in this section and, based upon the potential risk and/or exposure, select those appropriate for their application.
The combination of base controls and the following additional controls provides the user/owner with a comprehensive set from which to build an effective, yet tailored, security program.
This control ties the unique personal identification code to specifically identified devices (terminals). Attempts to gain access from an unauthorized device would be denied.
This control is tied to personal identification codes, and may be used to limit user access to only specified computer facilities (hardware/software access mechanisms), such as TSO, CICS, and batch. Attempts to gain access to unauthorized facilities will be denied.
This control provides for the limiting of individual access privileges for specific users to specify days of the week, (for example, Monday through Friday, Wednesday only). Attempts to gain access on restricted days will be denied.
This control provides for the limiting of individual access privileges for specific users to specify hours of the day (for example, 8:00‑5:00, 4:00‑12:00). Attempts to gain access during restricted hours will be denied.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|