HP OpenVMS Guide to System Security

Security for the System Administrator

Managing the System and Its Data

Site Security Policies

Role of a Security Administrator  

As security administrator (or officer), your job is to seethat the security policy is implemented and maintained. Regularlymonitoring the system for possible security violations and vulnerabilitiesis absolutely necessary. Whenever you detect problems, you shouldsee that they are corrected.

Many times organizations divide the duties of computer administrators.The security administrator monitors the system and reports problems,and the system manager implements policy and manages the system.In this management structure, the security administrator works intandem with the system manager. Some system managers choose to employan accounts clerk to set up user accounts and process the required paperworkjustifying the need for an account. This is always a highly trustedindividual who essentially acts as a co-system manager. With a divisionof labor, it is critical for the system manager and security administratorto communicate regularly. The security administrator should reportsecurity problems to users or, if necessary, to system managersor the accounts clerk so problems are corrected.

Another division of duties, common to many OpenVMS installations,combines the roles of security administrator and system manager.One person implements the security policy and maintains the systemto meet its requirements.

Secure system management, however it is organized, involvestraining users, setting up accounts and passwords, protecting sensitivesystem files and resources, and auditing and analyzing security-relevant events.Learning how systems are used and recognizing "normal" systemactivity are critical to secure management.

Site Security Policies