Re: Who gets the magic scepter when there are three of it?
Subject: Re: Who gets the magic scepter when there are three of it?
From: Mike Stockman <mstockman -at- gmail -dot- com>
To: TECHWR-L <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Mon, 27 Sep 2010 16:44:39 -0400
2010/9/27 Jefe de redacción <editorialstandards -at- gmail -dot- com>
> I had a nice table where I described a system of authentication tokens that
> should normally be held by different people. Separation of roles.
> The table included a column of suggested persons/roles in an organization
> who should be the holders of the individual tokens, like the CSO (Chief
> Security Officer), CIO (Chief Information Officer), head system
> administrator, and so on.
>
> The new, improved system allows each of those authentication tokens
> to be split across multiple physical devices, to ensure that no one person
> can present the complete authentication for a role without
> oversight/participation by fellow token-split holders.
>
> Now, the question is what happens to the suggestions (above) when there's
> usually only one CSO, one CIO, one head of system admin, etc. in
> an organization. We can hardly suggest that the CSO keep one split of
> his token, give one to his secretary, one to the janitor...
> We know that the janitor is an independent cuss, but we think the
> secretary might be influenced by her boss (the CSO) to look the other
> way, or to lend her split-token fragment inappropriately.
>
>
Unless I misunderstand the question, it seems to me you have only three real
solutions:

1) Combine two or all tokens with one person. Already rejected, because it
defeats the purpose of the divided authentication in the first place.

2) Draft one or more people off of your chart. As you say, the janitor or
secretary might be compromised, but upper management, or a list of people
with sufficient clearance/training from other groups, may contain
trustworthy enough people. Go get one of those.

3) Hire/create a position to handle the second or third tokens. If an
organization has grown to the point where such authentication measures are
needed, they may also need these people for other reasons.

So your choices are between #2 and #3. Present them to the users and you're
done, right?

Of course, an additional option is to re-evaluate the need for split
authentication in the first place. It may still be needed, but it may also
be something an earlier CSO found exciting, but was never really warranted.

Hope this helps, and I'll be interested to see other responses to see what I
missed.

Mike