Sample User Guide › Security Policy and Structure

Security Policy and Structure

This section discusses security-related issues and offers samples.

Security Reference Card

ANY COMPANY CORPORATE DATA SECURITY

REFERENCE CARD

In an effort to protect this company's valued data processing resources, the CA Top Secret data security product has been implemented. CA Top Secret controls who can access what resources, and how and when those resources can be accessed. Each employee is responsible for maintaining security within their scope. This entails:

• Keeping all accounts confidential
• Revising account passwords at regular intervals
• Notifying the appropriate person(s) if abuse of accounts are suspected
• Actively supporting all company security procedures.

A copy of the Company Security Policy can be obtained through your supervisor.

Security Glossary

The following are security-related terms you should know:

access

The way in which a resource can be used.

ACID

An acronym for accessor ID which identifies a user to CA Top Secret.

administrator

A person designated and authorized to grant users permission to access resources.

error message

A system response that displays to inform the user that the entered transaction is not valid; usually providing the reason for invalidity.

facility

The various facilities supported by the central computer, such as VM, TSO, CICS, CA Roscoe, BATCH.

mode

The security implementation stage which determines the manner in which CA Top Secret processes resource access requests. The four modes are: DORMANT, IMPLEMENT, WARN, and FAIL.

ownership

The state of being a protected resource. The "owner" of the resource has full access to the resource.

password

A unique string of characters associated with a particular ACID. Logon cannot be successful if an incorrect password is supplied.

permission

Authorization for access to an owned resource

profile

A collection of identical resource permissions associated with a group of users performing the same job function.

resource

Something protected by CA Top Secret such as a minidisk, data set, or terminal.

userid

See ACID

violation

An illegal attempt to access a resource.

Security Structure

The following chart illustrates how this company's security is structured. You may want to jot down the name and extension of your immediate department security administrator.

Secure Logon Procedures

Your security administrator has assigned to you a unique userid and password. Your userid/password combination identifies you to CA Top Secret and allows you access to the resources required to perform your job. It is imperative that you safeguard your userid/password. Abide by the following guidelines:

• MEMORIZE your userid/password upon receipt.
• All written records of your password must be DESTROYED
• DO NOT post your userid or password near the video terminal, disks, cabinets, bulletin boards, or other areas accessible to unauthorized individuals.
• DO NOT maintain your password in an unprotected data set or CMS file where others might view it.
• DO NOT share your ACID or password with anyone. Personnel requesting the use of another's ACID or password may be directed to the appropriate security administrator.
• Inform your security administrator IMMEDIATELY if you suspect that your ACID or password has been compromised and request a password change.