Who gets the magic scepter when there are three of it?
Subject: Who gets the magic scepter when there are three of it?
From: Jefe de redacción <editorialstandards -at- gmail -dot- com>
To: "techwr-l -at- lists -dot- techwr-l -dot- com >> TECHWR-L" <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Mon, 27 Sep 2010 15:35:24 -0400

I had a nice table where I described a system of authentication tokens that
should normally be held by different people. Separation of roles.
The table included a column of suggested persons/roles in an organization
who should be the holders of the individual tokens, like the CSO (Chief
Security Officer), CIO (Chief Information Officer), head system administrator,
and so on.
The new, improved system allows each of those authentication tokens
to be split across multiple physical devices, to ensure that no one person
can present the complete authentication for a role without
oversight/participation by fellow token-split holders.
Now, the question is what happens to the suggestions (above) when there's
usually only one CSO, one CIO, one head of system admin, etc. in
an organization. We can hardly suggest that the CSO keep one split of
his token, give one to his secretary, one to the janitor...
We know that the janitor is an independent cuss, but we think the
secretary might be influenced by her boss (the CSO) to look the other
way, or to lend her split-token fragment inappropriately.
Old, established, security-minded (institutionally-paranoid) corporations,
government departments, and spy agencies will have thought this
out already, but there are always new-kid companies and orgs that are
just arriving at the righteously-paranoid stage and would like to see
suggestions for implementation.
Any suggestions, please?
No, can't ask any of the existing paranoid companies/agencies. They
keep such things close to their vests, and react badly to perceived prying.
Don't want my corpse being found in discrediting circumstances.
--
   __o
 _`\<,_
(*)/ (*)
Don't go away. We'll be right back.