Computer Security Policy: Part 1 - Hierarchy of Management Direction

When writing computer security policy, or any policy for that matter, it is important to remember that there is a hierarchy when it comes to the types of documents that make up policy.

• Laws & Regulations


• Policy


• Standards/Directives


• Procedure


• Guideline

Laws & Regulations

These are the compulsory rules, with sanctions, declared by the government for all citizens.

Here in Canada, the laws are passed by elected members of parliament.  In the United States, laws are passed by elected members of Congress, and then ratified by the Senate.  The president signs the law into being.

Policy

A policy is "a high level statement of enterprise beliefs, goals, and objectives and the general means of attainment" (Peltier).   Another way to look at it is that "policy is the articulation of the intentions of management".  (Fites/Kratz)

It's a course of action or a principle taken by a group of individuals used to govern themselves.

Standards

Standards could be defined as required activities that provide a support structure and direction on how to carry out policies.

"A document, established by consensus and approved by a recognized body, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context."  (Standards Council of Canada)

Procedures

A procedure is a set way to perform a task.  It is a series of instructions to be completed in a particular order or manner.

Guidelines

Guidelines are "general statement designed to achieve policy".  (Peltier)

They could also be classified as a forceful recommendation to achieve a certain goal.

Published: Securing Lotus Domino for the Web - Email Relay

Securing Lotus Domino for the Web - Email Relay

View more documents from John Lawren James

Domino databases can disappear when UNIX/LINUX server is shutdown

Abstract

In certain cases on a Domino 8.5.2 FP1 server, the contents of the Domino data directory can be deleted during shutdown on UNIX and Linux platforms. This does not happen frequently or on all Domino servers. However, if this does happen, a backup restore of the data will be necessary.

This IBM Alert addresses an issue with the ~notetmp.reg file on UNIX or LINUX servers running Domino 8.5.2 FP1.

This is what happens:

The problem occurs if ~notetmp.reg points to the Domino data directory as the temp directory and also contains an empty string filename. In that case, Domino sees everything in the data directory as temporary and all files will be deleted at server shutdown. 

More information can be found on the IBM support site.   Reference is SPR# DWON8FVMYS.

Thanks to Gunawan T. Wicaksono for pointing this Alert out.

Admin Notes: Fixes for File Viewer Vulverabilities in Lotus Notes

Just a quick note to make sure this gets out there.

I'm taking on more 'security' type duties at work.   This is something that falls under both my hats.

IBM Support has released a Flash Alert regarding some vulnerabilities discovered in Lotus Notes.

More information can be found on the IBM Support site.

I do like the fact that they have provided work around information all the way back to Lotus Notes 5.x.

Admin Notes: Lookup of IP address for host failed

If you come across and error like this in your Lotus Domino console, or log file:

"Lookup of IP address for host xxxxx.xxxxx.xxx failed"

Take a look at your Internet Site Documents, chances are one of them (a non-website one) has an invalid domain name.

Cross Country Lotus User Group - May 12th, 2011

PLEASE NOTE THE UPDATES TO THE AGENDA IN BLUE

Date:  Thursday,  May 12th, 2011

Time:    1:00pm to 5:00pm –  Eastern Daylight Time  -  Montreal, Ottawa, Toronto

            11:00am to 3:00pm –  Mountain Daylight Time - Calgary

            10:00am  to 2:00pm – Pacific Daylight Time  - Vancouver

Locations

Montreal 1360 René Levesque Blvd West, 13th floor, Conference Room Local Host: Angela Caruso, acaruso@ca.ibm.com

Ottawa 340 Albert St, Room 100 Local Host: Connie Triassi, ctriassi@ca.ibm.com

Toronto 120 Bloor Street East   Suite 104 Local Host: Rosie Seth, rseth@ca.ibm.com

Calgary 227 - 11th Avenue SW,  2nd floor, Room 2-045 Local Host:  Don Gillis, dgillis@ca.ibm.com

Vancouver 4611 Canada Way, Burnaby, BC, Queen Charlotte Room Local Host: Jayne Johnson, jaynej@ca.ibm.com

Welcome to the Cross Country Lotus User Group Meeting!

Agenda:

Montreal/ Ottawa/ Markham	Calgary	Vancouver	Topic  & Speaker	Speaker’s Location
12:30 Lunch	10:30 Coffee	9:30 Coffee	Meet & Greet
1:00	11:00	10:00	Welcome and Agenda
1:05	11:05	10:05	Lotus Notes 8.5.3  –How to set up Notes 8.5.3 for former outlook users Mary Beth Raven – IBM Senior Technical Staff Member - Responsible for UI Design	Montreal
2:00	12:00	11:00	DraganRAD– DragonRAD is a mobile enterprise application platform that empowers developers without specialized mobile development skills to create data-driven enterprise applications that run across multiple smartphones and tablets including BlackBerry®, BlackBerry PlayBook™, Android™, iPhone®, iPad®, and Windows Mobile™. Gord Graham – Seregon Solutions	Ottawa
2:40 Coffee	12:40 Lunch	11:40 Lunch	Networking
3:00	1:00	12:00	How I got started in XPages development! – My first steps into XPages were daunting because of how much I felt I didn't know, how far behind I thought I would be and how steep I was afraid the learning curve was.  I am happy to report that I am glad I took those first steps and am quite excited about using XPages.  I will explain my background in Notes, the resources I have used to become familiar with XPages and then demonstrate some XPages features and discuss the things that I find really powerful in XPages compared to traditional Lotus Notes development. Graham Acres – Brytek Systems Inc	Burnaby
4:00	2:00	1:00	TLCC  - The Leader in XPages Training Paul Della-Nebbia  will take a few minutes to tell us about TLCC’s Introduction to XPages Development 8.5 Workshop coming soon to a city near you!	Toronto
4:15	2:15	1:15	8.5.x Domino Server Availability and Tuning Do you want to keep your Domino servers available 99.999% of the time? Is part of that goal to minimize cost and take economic advantage of what's new in Domino for Release 8.5 on? There are capacity planning and administrative actions, design decisions as well as a lack of ongoing and proactive tuning practices that threaten those goals. Gleaning from the struggles, successes and failures of several enterprise deployments using the latest Domino features and configuration options, this session will yield a vital list of items that may need correction as well as procedural changes going forward. John Curtis – IBM Senior Technical Staff Member – Domino Development	Remote
5:00	3:00	2:00	End of Meeting

IBM is pleased to provide lunch and refreshments in each of the host cities.

Register for the Event: https://events.webdialogs.com/register.php?id=df080a48bc&l;=en-US

Upon registration you will receive the information for the web and phone conference. If clicking the link above does not work, please copy the entire link and paste it into your Web browser.

Sharing: OSF DataLossDB

I just wanted to share a site that I refer to frequently, the DataLossDB from the Open Security Foundation.

They track both Incidents and Fringe Incidents relating to the loss of data by an organization.

I got thinking about it today because I just submitted my first report to them, not for myself, but for a news article that I spotted online.