HostedDB - Dedicated UNIX Servers

fips191_43 FIPS PUB 191 Functional  managers  (and  higher-level  management)  are  responsible  for  the  development  and implementation of effective security policies that reflect specific XYZ LAN objectives.  They are ultimately responsible for ensuring that information and communications security is, and remains, a highly visible and critical objective of day-to-day operations.  Specifically functional managers are responsible for the following: FM1. Responsible for implementing effective risk management in order to provide a basis for the formulation of a meaningful policy.   Risk management requires identifying the assets to be protected,  assessing  the  vulnerabilities,  analyzing  risk  of  exploitation,  and  implementing  cost- effective safeguards. FM2.   Responsible  for  ensuring  that  each  user  receive,  at  a  minimum,  a  copy  of  the  security policy and site handbook (if any) prior to establishing an account for the user. FM3. Responsible for implementing a security awareness program for users to ensure knowledge of the site security policy and expected practices. FM4. Responsible for ensuring that all personnel within the operating unit are made aware of this policy and responsible for incorporating it into computer security briefings and training programs. FM4. Responsible for informing the local administrator and the LAN Management Division of the change in status of any employee who utilizes the XYZ LAN.   This status change includes an  interagency  position  change,  interdivision  position  change,  or  a  termination  from  XYZ employment. FM5. Responsible for ensuring that users understand the nature of malicious software, how it is generally spread, and the technical controls to use for protection. 3. Local Area Network (LAN) Management Division The LAN Management Division (or designated personnel) is expected to enforce (to the extent possible) local security policies as they relate to technical controls in hardware and software, to archive  critical  programs  and  data,  and  to  control  access  and  protect  LAN  physical  facilities. Specifically, LAN management is responsible for the following: NM1. Responsible for rigorously applying available security mechanisms for enforcement of local security policies. NM2. Responsible for advising management on the workability of the existing policies and any technical considerations that might lead to improved practices. 45