Editing Talk:SPG:Drafts:Security Policy

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 9: Line 9:
 
A lot of the definitions double as roles&resps, would it be enough to remove these duplicates and say “other terms are defined in roles & responsibilities”? I would remove those with “* Management” from definitions but leave as a role
 
A lot of the definitions double as roles&resps, would it be enough to remove these duplicates and say “other terms are defined in roles & responsibilities”? I would remove those with “* Management” from definitions but leave as a role
  
'''Answer from DaveK''': Thanks. I see what you are getting at but I am not sure, SPG should discuss.
+
'''Answer from DaveK: Thanks. I see what you are getting at but I am not sure, SPG should discuss.'''
  
 
* Network Security
 
* Network Security
 
You define a responsibility of the Resource Centre that isn’t included in the Roles & Resps section above.  
 
You define a responsibility of the Resource Centre that isn’t included in the Roles & Resps section above.  
  
'''Answer from DaveK''': Thanks. New wording for one of the Resource Centre Management responsibilities: Resource Centres acknowledge that participating in the e-Infrastructure and allowing related inbound and outbound network traffic increases their IT security risk. Resource Centres are responsible for accepting or mitigating this risk.
+
'''Answer from DaveK: Thanks. New wording for one of the Resource Centre Management responsibilities: Resource Centres acknowledge that participating in the e-Infrastructure and allowing related inbound and outbound network traffic increases their IT security risk. Resource Centres are responsible for accepting or mitigating this risk.'''
  
 
* Exceptions to Compliance
 
* Exceptions to Compliance
 
“ details notified to the Security Officer” which Security Officer? There are 3 defined in the policy
 
“ details notified to the Security Officer” which Security Officer? There are 3 defined in the policy
  
'''Answer from DaveK''': Thanks. Now says ''e-Infrastructure'' Security Officer.
+
'''Answer from DaveK: Thanks. Now says ''e-Infrastructure'' Security Officer'''
  
 
* Sanctions
 
* Sanctions
Line 25: Line 25:
 
“Any activities thought to be illegal may be reported to appropriate law enforcement agencies.” Does this not leave us in a difficult position? I would rather replace “may” with “will”, but I see the issues with both ways. I imagine you discussed this.
 
“Any activities thought to be illegal may be reported to appropriate law enforcement agencies.” Does this not leave us in a difficult position? I would rather replace “may” with “will”, but I see the issues with both ways. I imagine you discussed this.
  
'''Answer from DaveK''': Thanks. Fixed the missing italics. Regarding illegal may or will, this has been discussed a long time ago and we prefer to leave as "may". For one it may not be "us" who does the reporting.
+
'''Answer from DaveK: Thanks. Fixed the missing italics. Regarding illegal may or will, this has been discussed a long time ago and we prefer to leave as "may". For one it may not be "us" who does the reporting.'''
  
 
== More comments? ==
 
== More comments? ==

Please note that all contributions to EGIWiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see EGIWiki:Copyrights for details). Do not submit copyrighted work without permission!

Cancel Editing help (opens in new window)