Getting Users Involved

In Chapter 7, we discussed the steps you can take to create and implement a security policy and security plan. When it comes to web site security, one of the steps you can take with the greatest payoff in security is to make your policies clear and available to your users. Here are some ways you can let visitors to your site know what you expect from them and what they can expect from you:

  • Create and post a security policy screen that each user must acknowledge each time they access your site

  • Force each user to sign an agreement to observe your security policy — before they can get a logon to your site

  • Post information about the users’ rights when accessing your web site

The policy you post should outline the rules you intend to enforce and the consequences to the user if the rules are broken.

Educating Users

If you post a policy, you will need to ensure that you can enforce that policy. For example, if your intranet policy says that there are sites or newsgroups your employees are not permitted to access, you will have to be able to monitor their activities to ensure that they are not accessing those sites. If you are going to audit user actions, you have an obligation to notify your users of that fact.

Post only policies you are actually able to enforce. On an intranet, involve your users in enforcing those policies: show them the concrete steps they can take to keep the system and their own data safe. The more your ...
