Enforcing Device Security
The security administrator decides who can allocate devices. The security administrator should make sure that any user who is authorized to use devices is trained and can be trusted to do the following:
-
Properly label and handle any media containing exported sensitive information so that it does not become available to anyone who should not see it.
For example, if information at a label of
NEED TO KNOW ENGINEERINGis stored on a floppy disk, the person who exports the information must physically label the disk with theNEED TO KNOW ENGINEERINGlabel and store the disk where it is accessible only to members of the engineering group with a need to know. -
Ensure that labels are properly maintained on any information being imported (read) from media on these devices.
An authorized user should allocate the device at the label that matches the label of the information being imported. For example, if a user allocates a floppy drive at
PUBLIC, the user should only import information labeledPUBLIC.
The Security Administrator role also is responsible for enforcing proper compliance with the above-mentioned requirements.
- © 2010, Oracle Corporation and/or its affiliates