• Subject: Re: Security Admin package for multi level security
  • From: Jim Langston <jlangston@xxxxxxxxxxxxxxxx>
  • Date: Thu, 04 Nov 1999 13:54:13 -0800
  • Organization: Conex Global Logistics Services, Inc.

Actually, your description is partly correct regarding government
security clearance, but leaves something out.  That is called the
"Need to know".  Even though I have a secret security clearance
does not mean I have access to all data that is marked as secret.
I only have access to it if I have a "Need to know" the information.

If something is marked as Top Secret, and I have a Secret clearance,
I can never see that data, even if I have a need to know it, unless my
clearance is upgraded to Top Secret.

The AS/400 security handles this pretty well on a "Need to know"
basis if the security is set up correctly.  The security administrator
must determine the need to know any piece of information, or access
to a program.  All other data should be excluded, unless a need to
know is shown.

A notable exception to this rule, however, is the Security Officer,
who basically has all access to the system.  But then, the Security
Officer can be considered to have the "need to know" the entire
system.

Regards,

Jim Langston

"V. Leveque" wrote:

> I'm not sure how Bob/Martin would define it, but conventionally it is the
> security model followed for government classified information.  Each item of
> information has a classification, based on the consequences if disclosed
> (e.g., Top Secret means it would cause "grave harm" to national security if
> disclsed, etc.).  Each user is given a clearance level corresponding to how
> trustworthy they are(are they citizens?  Did they pass the polygraph test?
> Did they ever "inhale"?).  The higher the clearance you have, the higher the
> classification of information you can access.

<SNIP>

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].