re: Systems staff policy guidelines
btk@matrix.cray.com (Bryan Koch) Tue, 10 April 1990 19:05 UTC
Received: from timbuk.cray.com by cert.sei.cmu.edu (5.61/2.2) id AA17639; Tue, 10 Apr 90 15:05:58 -0400
Received: from matrix.cray.com by timbuk.CRAY.COM (4.1/CRI-1.34) id AA01829; Tue, 10 Apr 90 14:06:34 CDT
Received: by matrix.cray.com id AA11099; 4.0/CRI-3.12; Tue, 10 Apr 90 14:05:54 CDT
Date: Tue, 10 Apr 1990 14:05:54 -0500
From: btk@matrix.cray.com
Message-Id: <9004101905.AA11099@matrix.cray.com>
To: ssphwg@cert.sei.cmu.edu
Subject: re: Systems staff policy guidelines
We have a document titled "Policies and Procedures for Computer and Network Security", created about a year ago and distributed (after an extensive set of internal reviews) to all users of our corporate networks. There was a debate about whether or not to require employee sign-off on the new policies. Our legal staff said that new policies are created all the time; sign-off wasn't needed if we could prove that we had effectively communicated the policies. (That's the usual reason for requiring signatures.) Our policies document is general, describing objectives and values rather than being very specific. There is a section on Administration and Security that deals with the responsibilities of administrators and the limits to their powers. It begins: In the course of system operations, when problems occur, and to ensure system integrity, system administrators and security per- sonnel may examine the state and the contents of user files, directories, and other aspects of user accounts. These adminis- trative activities, and any others performed while exploring security or system integrity threats are exempt from the privacy policy described above. Administrators will not examine user data except as it relates to these administrative activities.
- Systems staff policy guidelines Mabry Tyson
- re: Systems staff policy guidelines Bryan Koch
- Re: Systems staff policy guidelines Eliot