Defining Security Policy
Security policies should be site-tailored and should take into account the site’s circumstances and computing environment. Although most terms and conditions differ from site to site, the following are general recommendations that are true for almost all circumstances.
Assign an Owner or Operator
Every device or piece of software should have a real person responsible for it and caring about it (at least in principle). This means that someone should be accountable in case some Ethernet switch somewhere on your network was misconfigured or was not connected to a UPS when it should have been. This also means that someone should be responsible for updating software and applying patches.
Authority Should Be Equal to Responsibility ...
Get Solaris 8 Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
