|
midrange.com
Very good!
I lumped this under "discretionary access control" which as you pointed out
the 400 does well.
To look at "Top Secret -- Crypto" classified data, a "Top Secret -- Nukes"
clearance will not do.
The security officer is always an issue, which is why this person must be
trusted. Less of an issue with AS/400, as many functions which require
"root" on UNIX can be done with a more granular special authority on the
AS/400. You don't have to give away the whole machine just because a help
desk person may need to reset passwords once in a while.
But most businesses still need transactional security more -- you aren't
keeping secrets so much as keeping people from writing checks to themselves
& charging it to "suspense". Major fraud looks really bad when it hits the
Wall Street Journal.
At 01:54 PM 11/4/99 -0800, you wrote:
>Actually, your description is partly correct regarding government
>security clearance, but leaves something out. That is called the
>"Need to know". Even though I have a secret security clearance
>does not mean I have access to all data that is marked as secret.
>I only have access to it if I have a "Need to know" the information.
>
>If something is marked as Top Secret, and I have a Secret clearance,
>I can never see that data, even if I have a need to know it, unless my
>clearance is upgraded to Top Secret.
>
>The AS/400 security handles this pretty well on a "Need to know"
>basis if the security is set up correctly. The security administrator
>must determine the need to know any piece of information, or access
>to a program. All other data should be excluded, unless a need to
>know is shown.
>
>A notable exception to this rule, however, is the Security Officer,
>who basically has all access to the system. But then, the Security
>Officer can be considered to have the "need to know" the entire
>system.
>
>Regards,
>
>Jim Langston
>
>"V. Leveque" wrote:
>
>> I'm not sure how Bob/Martin would define it, but conventionally it is the
>> security model followed for government classified information. Each item of
>> information has a classification, based on the consequences if disclosed
>> (e.g., Top Secret means it would cause "grave harm" to national security if
>> disclsed, etc.). Each user is given a clearance level corresponding to how
>> trustworthy they are(are they citizens? Did they pass the polygraph test?
>> Did they ever "inhale"?). The higher the clearance you have, the higher the
>> classification of information you can access.
>
><SNIP>
>
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
>| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
>| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
>| Questions should be directed to the list owner/operator: david@midrange.com
>+---
>
>
|----------------------------| "Outside of a dog, a book is a man's
|\ / | \ / | best companion. Inside of a dog,
| \/ INCENT |__E \/EQUE | it's too dark to read."
|----------------------------| -- Groucho Marx
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
