Re: Who gets the magic scepter when there are three of it?

Subject: Re: Who gets the magic scepter when there are three of it?
From: Sally Derrick <sjd1201 -at- gmail -dot- com>
To: Jefe de redacción <editorialstandards -at- gmail -dot- com>
Date: Thu, 30 Sep 2010 09:24:01 -0500

So, maybe the CSO holds the second half of the CIO's token and vice versa?
Then maybe the Director of System Administration holds the second half of
the lead/head sys admin's token? As Mike indicated, an organization big
enough to have this level of security has a pretty big org chart. They
probably have multiple head sys admins to babysit each other.

Your table is just a suggestion/recommendation/example, right? As long as
the suggestions are plausible in some organization out there, you should be
okay. Every customer will have to make their own decisions based on their
staffing and business practices.

Sally



2010/9/27 Jefe de redacción <editorialstandards -at- gmail -dot- com>

> I had a nice table where I described a system of authentication tokens that
> should normally be held by different people. Separation of roles.
> The table included a column of suggested persons/roles in an organization
> who should be the holders of the individual tokens, like the CSO (Chief
> Security Officer), CIO (Chief Information Officer), head system
> administrator, and so on.
>
> The new, improved system allows each of those authentication tokens
> to be split across multiple physical devices, to ensure that no one person
> can present the complete authentication for a role without
> oversight/participation by fellow token-split holders.
>
> Now, the question is what happens to the suggestions (above) when there's
> usually only one CSO, one CIO, one head of system admin, etc. in
> an organization. We can hardly suggest that the CSO keep one split of
> his token, give one to his secretary, one to the janitor...
> We know that the janitor is an independent cuss, but we think the
> secretary might be influenced by her boss (the CSO) to look the other
> way, or to lend her split-token fragment inappropriately.
>
> Old, established, security-minded (institutionally-paranoid) corporations
> and government departments, and spy agencies will have thought this
> out already, but there are always new-kid companies and orgs that are
> just arriving at the righteously-paranoid stage and would like to see
> suggestions for implementation.
>
> Any suggestions, please?
> No, can't ask any of the existing paranoid companies/agencies. They
> keep such things close to their vests, and react badly to perceived prying.
> Don't want my corpse being found in discrediting circumstances.
>
> --
> __o
> _`\<,_
> (*)/ (*)
> Don't go away. We'll be right back. .

---
You are currently subscribed to TECHWR-L as archive -at- web -dot- techwr-l -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-unsubscribe -at- lists -dot- techwr-l -dot- com
or visit http://lists.techwr-l.com/mailman/options/techwr-l/archive%40web.techwr-l.com


To subscribe, send a blank email to techwr-l-join -at- lists -dot- techwr-l -dot- com

Send administrative questions to admin -at- techwr-l -dot- com -dot- Visit
http://www.techwr-l.com/ for more resources and info.

Please move off-topic discussions to the Chat list, at:
http://lists.techwr-l.com/mailman/listinfo/techwr-l-chat

