Your role as security adminstrator is to implement
and maintain the organization's security policy. Some organizations
include security administrators in the development of the security
policy; other organizations charter security administrators to implement
and maintain an established policy. For an example of a company security
policy, see “Site Security Policies”.
As security administrator (or officer), your job
is to see that the security policy is implemented and maintained.
Regularly monitoring the system for possible security violations and
vulnerabilities is absolutely necessary. Whenever you detect problems,
you should see that they are corrected.
Many times organizations divide the duties of
computer administrators. The security administrator monitors the system
and reports problems, and the system manager implements policy and
manages the system. In this management structure, the security administrator
works in tandem with the system manager. Some system managers choose
to employ an accounts clerk to set up user accounts and process the
required paperwork justifying the need for an account. This is always
a highly trusted individual who essentially acts as a co-system manager.
With a division of labor, it is critical for the system manager and
security administrator to communicate regularly. The security administrator
should report security problems to users or, if necessary, to system
managers or the accounts clerk so problems are corrected.
Another division of duties, common to many OpenVMS
installations, combines the roles of security administrator and system
manager. One person implements the security policy and maintains the
system to meet its requirements.
Secure system management, however it is organized,
involves training users, setting up accounts and passwords, protecting
sensitive system files and resources, and auditing and analyzing security-relevant
events. Learning how systems are used and recognizing "normal" system
activity are critical to secure management.