FIPS PUB 191

is that the user is not only provided with a risk analysis methodology, but also with an awareness and understanding of the agency policies that have derived the baseline controls. In organizations where the responsibility for security resides with someone who is not a security practitioner, this approach may provide enough knowledge and direction to provide effective security.

Other methodologies and approaches are available. Some require a manual process; others are implemented in software. Whatever risk analysis method is chosen by an organization, it must be effective in helping to implement effective LAN security and thus reduce the risk to the LAN.

3.2 Participants

LAN security should address the concerns and needs of the organization as a whole. This perspective can only be obtained by including representatives from relevant areas of the organization. Minimally this should include:

LAN Management is responsible for the operation of the LAN. LAN Management can provide the risk assessment group the correct LAN configurations, including hardware, software, data, and functionality mapping. LAN Management can also determine the immediate impacts that can occur if a threat is realized.

Organizational Management is responsible for supporting the LAN security policy by providing funding to implement required security services and making a commitment to ensure compliance with policy goals. Organizational management has the proper perspective in assessing the long-term consequences to the organization if a threat is realized.

Security Personnel are responsible for ensuring that organizational security policies are developed and adhered to.

Data and Application Owners are responsible for ensuring that their data and applications are adequately protected and are available to authorized users.

LAN Users are responsible for providing accurate information about their applications, data and LAN usage.

The above list generally represents those individuals involved in the risk analysis of most computer systems and applications (with the exception of LAN management if there is no network). What is unique about this list with regard to forming a team to assess LAN risks is that each group listed above may be multiplied to account for each part of an organization the LAN serves, each application that is processed on the LAN, and for the different requirements and mandates that are in place throughout the organization. The requirements of the "LAN owner" in addition to the needs of many data and application owners have to all be considered.