Planning your security strategy

 

This topic describes various aspects of planning a security strategy.

Once you have defined your company's security values within your security policy, you can begin developing your security strategy. A security strategy provides a systematic approach to all the planning tasks that are necessary for implementing your company's security policy. To best complete this goal, you need to start at the most basic security need and then work to more specific security issues.

For example, the suggested approach that this information takes is to begin with planning physical security of your hardware and information assets and then to plan specific security for your system, users, resources, and network. As you develop your security strategy, begin at the most general security concerns and then move toward other more specific security goals. Each planning step is arranged to be completed in order.

Using system values to customize your system

The system uses system values and network attributes to control many things other than security. The system and application programmers use most of these system values and attributes. The security officer should set a few system values and network attributes to customize your system.

Assigning a name to your system

You use the SYSNAME network attribute to assign a name to your system. The system name appears in the upper-right corner of your sign on display and on system reports. It is also used when your system communicates with another system or with personal computers using iSeries™ Access for Windows®.

When your system communicates with other systems or personal computers, the system name identifies and distinguishes your system from others on the network. Computers exchange system names whenever they communicate. Once you assign a system name, you should not change it, because changing it affects other systems in your network.

Choose a meaningful and unique name for your system. Even if you are not communicating with other computers today, you may in the future. If your system is part of a network, the network manager will probably tell you what system name to use.

Choosing the date display format for your system

You can set the sequence in which year, month, and day appear when your system prints or displays the date. You can also specify what character the system should use between the year (Y), month (M), and day (D). The system value QDATFMT determines the date format. The following chart shows how the system prints the date, 16 June 2000, for each possible choice.

Table 1. Date and time formats
Your choice   Description        Result
YMD           Year, Month, Day   00/06/16
MDY           Month, Day, Year   06/16/00
DMY           Day, Month, Year   16/06/00
JUL           Julian Date        00/168

These examples use the slash (/) date separator.

The system value QDATSEP determines what character the system uses between year, month, and day. The table below shows your choices. You use a number to specify your choice.

Table 2. Date separator characters
Separator character   QDATSEP value   Result
/ (slash)             1               16/06/00
- (hyphen)            2               16-06-00
. (period)            3               16.06.00
, (comma)             4               16,06,00
(blank)               5               16 06 00

The above examples use the DMY format.

Setting the time display format for your system

The QTIMSEP system value determines what character the system uses to separate hours, minutes, and seconds when it shows the time. You use a number to specify your choice. The table below shows how the time of 10:30 in the morning would be formatted using each value:

Table 3. Time separator characters
Separator character   QTIMSEP   Result
: (colon)             1         10:30:00
. (period)            2         10.30.00
, (comma)             3         10,30,00
(blank)               4         10 30 00

Deciding how to name your system devices

Your system automatically configures any new display stations and printers you attach to it. The system gives a name to each new device. The QDEVNAMING system value determines how the names are assigned. The chart below shows how the system names the third display station and the second printer attached to your system:

Table 4. System device names
Your choice   Naming format           Display station name   Printer name
1             iSeries                 DSP03                  PRT02
2             S/36                    W3                     P2
3             Address of the device   DSP010003              PRT010002

In the above example, the display station and printer are attached to the first cable.

Recommendations

Use naming conventions, not device addresses, unless you are running software that requires S/36 naming. Names for display stations and printers are less cumbersome than names that use the address of the device. Display station and printer names appear on several Operational Assistant displays. Printer names are also used to manage printer output.

After the system has configured a new device, use the Change Display Device (CHGDEVDSP) command or the Change Printer Device (CHGDEVPRT) command to enter a meaningful description of the device. Include in the description both the physical address of the device and its location, such as John Smith’s office, line 1 address 6.

Choosing your system printer

Use the QPRTDEV system value to assign your system printer. This system value, the user profile, and the job description determine which printer a job uses. The job uses the system printer unless the user profile or the job description specifies a different one.

Recommendations

Normally, your system printer should be the fastest printer on your system. Use the system printer for long reports and system output.

You will not know the names of your printers until you install and configure your system. Make a note about the location of your system printer now. Fill in the name of the printer later.

Allowing the display of completed printer output

The system provides users the ability to find their printer output. The Work with Printer Output display shows all the output that is currently printing or waiting to print. You can also allow users to look at a list of completed printer output.

This display shows when the output printed and on what printer it printed. This can be useful in locating lost reports. The job accounting function and the QACGLVL system value allow you to display completed printer output. The *PRINT option for the QACGLVL system value allows information about completed printer output to be saved.

Storing information about completed printer output takes space on your system. Unless you think your users will print many reports, you probably do not need to provide this function. Enter NO on the System Values Selection form. This value sets the job accounting level to *NONE.

Before planning user groups

  • Make sure you have written a security policy statement for your own company similar to the JKL Toy Company example that Sharon Jones and John Smith prepared.

  • Make sure you have entered your choices for the system values on the System Values Selection form.

  • Make notes about what you would like to include in your security memo.

After you have entered all your system options on the System Values Selection form and written a security policy, you can plan user groups.

  • Developing a security policy
    This topic defines a security policy and explains the process for creating a security policy.

  • Planning physical security
    This topic describes physical security and the key tasks for planning physical security, and explains why these tasks are important.

  • Planning system security
    System security entails controlling user access and privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security-related information.

  • Planning user security
    Planning user security includes planning all areas where security affects the users on your system.

  • Planning resource security
    This topic describes each of the components of resource security and how they all work together to protect information on your system. It also explains how to use CL commands and displays to set up resource security on your system.

  • Planning network security
    When connecting to an untrusted network, your security policy must describe a comprehensive security scheme, including the security measures that you will implement at the network level.

  • Planning APPC security
    Use this information to understand how Advanced Program-to-Program Communication (APPC) works and how you can set up the appropriate security for APPC on your system.

  • Planning TCP/IP security
    TCP/IP (Transmission Control Protocol/Internet Protocol) is a common way that computers of all types communicate with each other.

  • Planning backup and recovery of security information
    This information explains the necessity of planning the backup and recovery of your security information.

 
