× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I agree with you Bryan. Policies are broad outlines, and can be discussed
publicly, Procedures are detailed and may have sensitive information. For
example the password policy may be "All user passwords will be nontrivial
passwords complying with generally accepted standards at least 10
characters in length, Passwords will be changed on a regular basis not to
exceed 90 days."

The procedure behind that might be: " User passwords will consist of a
mixture of upper and lower case letters and numbers. Passwords must not
match (a named dictionary file). The password must not be any of the
user's names or nicknames, or the names of family members or pets. Common
names will be contained in the dictionary file. Passwords must contain at
least one numeric digit, and a mixture of upper and lower case letters.
New passwords should contain at least 3 different characters as compared
to the old password. New passwords must not match any of the last 10
passwords."

The fact that this policy mentions a specific dictionary file is
information I wouldn't want publicly known, since this could comprise
security.

Steve

Steven Morrison
Fidelity Express





"Burns, Bryan" <Bryan_Burns@xxxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
05/23/2008 09:00 AM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
<MIDRANGE-L@xxxxxxxxxxxx>
cc

Subject
Documenting Security Policies and Procedures






We've just started formally documenting our iSeries security policies and
procedures in order to become compliant with some security standards and
regulations. Management wants to include policies AND detailed
step-by-step procedures in the same document and I maintain that it's
important to keep the policy separate from the procedures.

Granted, when we're all finished, we could cut and paste all the policy
into a separate document so maybe it really doesn't make a difference.

Your comments will be appreciated.

Thanks,

Bryan Burns
iSeries Specialist



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.