If you have information that you want included in the registry, or you want
your name added to the resource list, contact the registry moderator
by sending mail to forty2::billington.
You cannot volunteer anyone else's name for the resource list, though you can,
of course, try to persuade them to volunteer themselves!
| Information Protection | No. 10.0
Information Protection Policy | Effective: 02-JAN-1991
-------------------------------------------------------------------------------
Summary
Information is one of Digital's important business resources, along with
people, materials and components, and financial assets. Information is
expensive and critical to Digital's success in the highly competitive
computer industry.
This Digital information security policy has two purposes:
1. To protect Digital's information from unauthorized disclosure,
destruction or modification; and,
2. To establish Digital's legal rights to its information, should it
be necessary to defend those rights in a court of law.
Scope
This policy applies to all employees of Digital Equipment Corporation
worldwide, unless in conflict with law, in which case the appropriate
Digital manager must devise effective lawful processes to establish
equivalent protection.
Requirements
Information protection applies to all information forms: mental, electronic
(machine-readable), and written (human-readable). The effort expended on
protection will be appropriate to the information's value and sensitivity.
1. Information risk/value/sensitivity is determined through the Digital
information classification process. The Digital information
classifications are:
DIGITAL RESTRICTED DISTRIBUTION, DIGITAL PERSONAL: Greatest Risk / Value / Sensitivity
DIGITAL CONFIDENTIAL: Moderate Risk / Value / Sensitivity
DIGITAL INTERNAL USE ONLY: Routine Risk / Value / Sensitivity
Corporate Security Standard 10.1 establishes definitions, rules and
procedures for information classification and resulting protection
measures.
<REF: Information Protection ! 10.1 >
FOR DIGITAL INTERNAL USE ONLY
2. Proper information classification is the responsibility of all
Digital employees who are information originators and/or information
custodians. When routine business information has little risk
associated with possible unauthorized disclosure, no assignment of a
Digital classification is required. However, all business information
used in the course of Digital operations is considered private to
Digital and there is no blanket approval for outside release of
unclassified information in any case.
3. Information protection is the responsibility of all Digital employees.
All Digital information assigned a Digital information classification
will be provided protection as specified in the Corporate or Business/
Geography Information Security Standards.
4. Protection requirements established in the Digital Security Standard
10.1 apply also to information entrusted to Digital by others, unless
Digital is contractually obligated to follow other protection methods,
or if government regulations apply.
Exception to Policy
Digital Security Standard 10.1 establishes a process by which appropriate
Digital managers may authorize alternative protection methods when business
requirements justify an acceptance of risk.
Supporting Responsibilities
Corporate Security, through the area, geography, and business security
functions, coordinates, issues, and maintains security policies, and
monitors program effectiveness.
The Digital Security Council represents the Digital businesses/geographies/
staffs in identifying security requirements, and in proposing, approving,
and implementing security policies.
The Digital Information Security Strategy Committee establishes information
security program strategy, identifies information security issues and
solutions, and commits to the worldwide implementation thereof.
Digital managers will ensure that all employees are aware of, and comply
with, Digital information security requirements as specified in Corporate
Security Standards and business/geography Security Standards.
Corporate Audit will monitor compliance with Security Standards.
Purchasing will ensure that contractors and suppliers are aware of Digital
information protection requirements applicable to business relationships.
References
Digital Corporate Security Standard 10.1, "Protection of Digital
Information" (see other references therein)