Uploaded bynenxzwkpbe6777
12 views

Security planning disaster recovery 1st Edition Eric Maiwald

Security planning disaster recovery 1st Edition Eric Maiwald Security planning disaster recovery 1st Edition Eric Maiwald Security planning disaster recovery 1st Edition Eric Maiwald

Embed presentation

Download to read offline
Security planning disaster recovery 1st Edition Eric Maiwald - Downloadable PDF 2025 https://ebookfinal.com/download/security-planning-disaster-recovery-1st- edition-eric-maiwald/ Visit ebookfinal.com today to download the complete set of ebooks or textbooks
Here are some recommended products that we believe you will be interested in. You can click the link to download. Network Security A Beginner s Guide Second Edition Beginner s Guide Eric Maiwald https://ebookfinal.com/download/network-security-a-beginner-s-guide- second-edition-beginner-s-guide-eric-maiwald/ Disaster Recovery Planning for Communications and Critical Infrastructure Artech House Telecommunications 1st Edition Leo A. Wrobel https://ebookfinal.com/download/disaster-recovery-planning-for- communications-and-critical-infrastructure-artech-house- telecommunications-1st-edition-leo-a-wrobel/ SharePoint 2007 Disaster Recovery Guide 1st Edition John L. Ferringer https://ebookfinal.com/download/sharepoint-2007-disaster-recovery- guide-1st-edition-john-l-ferringer/ Recovery of the Lost Good Object 1st Edition Eric Brenman https://ebookfinal.com/download/recovery-of-the-lost-good-object-1st- edition-eric-brenman/
Disaster Recovery Crisis Response and Business Continuity A Management Desk Reference 1st Edition Jamie Watters (Auth.) https://ebookfinal.com/download/disaster-recovery-crisis-response-and- business-continuity-a-management-desk-reference-1st-edition-jamie- watters-auth/ Wiley Pathways Network Security Fundamentals 1st Edition Eric Cole https://ebookfinal.com/download/wiley-pathways-network-security- fundamentals-1st-edition-eric-cole/ Uncle Eric Talks About Personal Career and Financial Security An Uncle Eric Book 2nd Edition Richard J. Maybury https://ebookfinal.com/download/uncle-eric-talks-about-personal- career-and-financial-security-an-uncle-eric-book-2nd-edition-richard- j-maybury/ Treatment Planning for Person Centered Care The Road to Mental Health and Addiction Recovery 1st Edition Neal Adams https://ebookfinal.com/download/treatment-planning-for-person- centered-care-the-road-to-mental-health-and-addiction-recovery-1st- edition-neal-adams/ Applied Cyber Security and the Smart Grid Implementing Security Controls into the Modern Power Infrastructure 1st Edition Eric D. Knapp https://ebookfinal.com/download/applied-cyber-security-and-the-smart- grid-implementing-security-controls-into-the-modern-power- infrastructure-1st-edition-eric-d-knapp/
Security planning disaster recovery 1st Edition Eric Maiwald Digital Instant Download Author(s): Eric Maiwald, WilliamSieglein ISBN(s): 9780072224634, 0072224630 Edition: 1 File Details: PDF, 1.74 MB Year: 2002 Language: english
Security Planning & Disaster Recovery Eric Maiwald William Sieglein McGraw-Hill/Osborne 2600 Tenth Street Berkeley, California 94710 U.S.A. To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book. Copyright © 2002 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. 1234567890 FGR FGR 0198765432 ISBN 0-07-222463-0 Publisher Brandon A. Nordin Vice President & Associate Publisher Scott Rogers Acquisitions Editor Jane Brownlow Project Editor Janet Walden Acquisitions Coordinator Emma Acker Technical Editor Ben Rothke Copy Editor Claire Splan Proofreader Pam Vevea
Indexer Claire Splan Computer Designers Kelly Stanton-Scott, Mickey Galicia Illustrators Lyssa Wald, Michael Mueller Series Design Peter Hancik, Lyssa Wald Cover Series Design Jeff Weeks This book was composed with Corel VENTURA™ Publisher. Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw- Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information. This book is dedicated to my wife Kay and my two sons, Steffan and Joel, who put up with a lot of long days and lost time (again) during the writing of this book. –EM This book is dedicated to my lovely wife Jane—’Tis naught Othello or King Lear, but that WS did not receive royalties. And to my children Kyle, Haley, and Maggy—YES, I can play now! –WS About the Authors Eric Maiwald is the Chief Technology Officer for Fortrex Technologies, where he oversees all security research and training activities for the company. He also manages the Fortrex Network Security Operations Center where all managed services are performed. Mr. Maiwald also performs assessments, develops policies, and implements security solutions for large financial institutions, services firms, and manufacturers. He has extensive experience in the security field as a consultant, security officer, and developer. Mr. Maiwald holds a Bachelors of Science degree in Electrical Engineering from Rensselaer Polytechnic Institute, a Masters of Engineering in Electrical Engineering from Stevens Institute of Technology, and is a Certified Information Systems Security Professional (CISSP). Mr. Maiwald is a named inventor on patent numbers 5,577,209, “Apparatus and Method for Providing Multi-level Security for Communications Among Computers and Terminals on a Network”; 5.872.847, “Using Trusted Associations to Establish Trust in a Computer Network”; 5,940,591, “Apparatus and Method for Providing Network Security”; and 6,212.636, “Method for Establishing Trust in a Computer Network via Association.” Mr. Maiwald is a regular presenter at a number of well-known security conferences. He has also written Network Security: A Beginner’s Guide, published by McGraw-Hill/Osborne, and
is a contributing author for Hacking Linux Exposed and Hacker’s Challenge, also published by McGraw-Hill/Osborne. William Sieglein is the Manager of Security Services for Fortrex Technologies, where he oversees all security consulting and professional services for the company. Mr. Sieglein also manages information security projects for Fortrex clients, leads risk assessments, develops policies, and implements security solutions. He has over 20 years experience in the IT industry, specializing in information security. Mr. Sieglein holds a Bachelors of Science degree in Computer Science from the University of Maryland and a Masters of Science in Technical Management from Johns Hopkins University. Mr. Sieglein has published numerous articles for various publications including Business Credit Magazine, Security Advisor, and CMP’s iPlanet, where he was also the security expert for several months. Mr. Sieglein been a guest speaker for various organizations including the Information Systems Audit and Controls Association (ISACA), Joint Special Operations Command (JSOC), and the American Society for Industrial Security (ASIS). About the Technical Reviewer Ben Rothke (brothke@hotmail.com) is a Principal Consultant with trustEra (www.trustEra.com). His areas of expertise are in PKI, design and implementation of systems security, HIPAA, encryption, security architecture and analysis, firewall configuration and review, cryptography, and security policy development. Mr. Rothke previously worked for Baltimore Technologies, Ernst & Young, and Citibank and has provided information security solutions to many Fortune 500 companies. He is a frequent speaker at industry conferences and has written for many computer periodicals. Currently, he writes a column for Unix Review as well as a monthly security book review for Security Management magazine. Mr. Rothke is a Certified Information Systems Security Professional (CISSP), a Certified Confidentiality Officer (CCO), and a member of ISSA, ICSA, IEEE, ASIS & CSI, operating out of a New York-based office. Acknowledgments This book could not have been written without the help of a number of people. Most notable in their help were those people we work with at Fortrex Technologies, Inc., especially Lee Kelly for his work on the HIPAA regulations and Andrew Waltz for his research on GLBA. We would also like to acknowledge the great support of our technical editor, Ben Rothke, who turned the chapters around very quickly. Of course, none of this could have been possible without the help from the people at McGraw-Hill/Osborne, most notably Jane Brownlow, Emma Acker, and Janet Walden. Introduction In this e-centric day and age organizations have come to rely on IT infrastructures not just as an aid to business, but for some, as the core of their business. Safe, secure, and reliable computing and telecommunications are essential to these organizations. As these
organizations begin to understand the importance of information security, they are developing security programs that are often under the direction of the CIO. An information security program includes more than just people and technology. The programs involve policies, procedures, audits, monitoring, and an investment of time and money. This book is meant to provide organizations with a broad overview of the security program, what it should be, who it should include, what it entails, and how it should fit into the overall organization. This book is for the security professional who must answer to management about the security of the organization. In today’s economy, many organizations do not have the ability to hire a person and dedicate that person to security. Often the person who is given this job is an IT professional with no specific security training. This book will provide the road map for such individuals. The book is divided into four main parts plus some good information in appendices: Part I: Guiding Principles in Plan Development Part I is intended to provide guidance on fundamental issues with security planning. In this part we cover the basic concepts of the role of information security, laws and regulations, and risk identification. • Chapter 1: The Role of the Information Security Program Chapter 1 discusses the overall importance of the information security program. It describes where it fits into the organization and who should establish its charter, mission, responsibilities, and authority. It further talks about the relationship of the information security manager (and the department) to the rest of the organization. It is impossible to build a program in a vacuum or with bad relationships throughout the organization. • Chapter 2: Laws and Regulations Many industries have federal or state regulations that must be followed. Some of these regulations may affect the security program. It is therefore important for the security department to understand the regulation requirements. In some cases the existence of the information security program is clearly dictated by laws and regulations. • Chapter 3: Assessments This chapter focuses on how organizations go about identifying the state of their information security efforts. It includes information on various types of assessments and when they should and should not be used. Part II: Plan Implementation Part II discusses the basics of risk management and mitigation. Once risk has been identified, the mitigation steps must be taken. While the exact plan will vary for each organization, this part of the book provides the basics. • Chapter 4: Establishing Policies and Procedures This chapter discusses the importance of policies and procedures and describes policies and procedures that need to be created for the organization. The primary focus of this chapter is the order that they should be created and the approach to use in getting the organization to buy into what is created. • Chapter 5: Implementing the Security Plan Policies are nice documents but if they are not implemented, they do no good. This chapter talks about general guidelines for implementing good policies. • Chapter 6: Deploying New Projects and Technologies No organization can afford to develop everything internally. Security is no different in this regard. Since it is
likely that products will be purchased for the organization and new projects will be developed internally, this chapter covers how to manage the risk to the organization through the development process. • Chapter 7: Security Training and Awareness This chapter discusses the programs and classes that must be established to make the organization aware of security issues. Security awareness is one of the most cost-effective components of the information security program. In a recent speech, Richard Clark, the President’s cyber-security advisor, noted that the awareness of employees was critical to an organization’s security program. He also noted that he and the federal government would be stressing this topic to industry in the coming months. • Chapter 8: Monitoring Security The security program is in place. How do you know that it is working? The only way to know is to monitor it. This chapter discusses the more useful methods for monitoring. Part III: Plan Administration Security programs are no different than any other program within an organization. Once they are set up and working properly, they must be managed and administered properly. This part talks about these tasks. • Chapter 9: Budgeting for Security Just about every organization has a budget process. The security department must go through it with every other department. Therefore, it is important for the security department to do it well. • Chapter 10: The Security Staff Not every security program has a staff but many do. Choosing the correct individuals for the staff and the correct mix of skills can make or break the program. This chapter talks about the mix of the team and how to find good people. • Chapter 11: Reporting Finally, there is reporting. Without some type of reporting there is no way for the organization to gauge the effectiveness of the security department. There is rarely an ROI for security (but this is changing) and thus there must be other metrics to use to measure the performance of the department. Part IV: How to Respond to Incidents All of the planning, risk identification, risk mitigation, and administration tasks can help an organization to manage risk. However, no one can ever completely remove risk. This part of the book discusses how to deal with incidents and disasters when they occur. • Chapter 12: Incident Response Bad things happen. The security program works diligently to try to prevent them but they happen anyway. When they do, the security department must be ready to take the lead in the response. • Chapter 13: Developing Contingency Plans Disasters of all shapes and sizes occur to businesses. Because organizations have become so dependent on their IT infrastructures it is essential that they develop an IT Disaster Recovery Plan and keep it up to date. This plan will provide policies, procedures, roles, and responsibilities for preparing for, responding to, and recovering from a variety of disasters. This chapter explains the key steps in developing an IT DRP. • Chapter 14: Responding to Disasters How an organization responds to a disaster is just as important as how an organization plans for a disaster. Often, the response to a disaster deviates from the plan due to unforeseen circumstances. This chapter discusses the proper response during a serious disaster.
Part V: Appendixes Part V provides three sections that complement the purpose of the book. These sections are intended to assist the reader in answering particular questions about security and implementing a strong program. • Appendix A: Handling Audits Audits are a fact of life. Every organization goes through them. They may be internal audits or external. The security team must be a part of these audits and the organization’s response. • Appendix B: Outsourcing Security The outsourcing of security has become a lively topic recently. Many new security firms exist that sell some type of service. This may impact the security of the organization or it may be a cost-effective way to fulfill the responsibilities of the security department. • Appendix C: Managing New Security Projects This appendix is a continuation of Chapter 6 that talks specifically about building new security projects as opposed to security in new business projects. Part I: Guiding Principles in Plan Development Chapter List Chapter 1: The Role of the Information Security Program Chapter 2: Laws and Regulations Chapter 3: Assessments Chapter 1: The Role of the Information Security Program Overview Security professionals today talk about the need for strong security programs. We hear calls for the latest products, more staff, and more funding. But what is a strong security program? If an organization has a weak program, how can it be strengthened? How much money does it take to create and maintain a strong program? None of these questions have simple answers. However, one thing is very clear: A security program must have three things in order to be strong and successful: • A well-defined mission • Good relationships within the organization • Intelligent, knowledgeable security professionals The details of building and maintaining a strong security program will be left to the other chapters of this book. Identifying, hiring, and keeping security professionals will also be discussed in some detail later in the book (see Chapter 10). This chapter will focus on the first
two items above—the mission and the relationships. In short, these two items identify the role that the security program will play within the organization. Getting Off on the Right Foot Perhaps the most important part of the security manager’s job is the beginning. The person who leads the organization’s information security department has a job that will touch every other department in the organization. Every employee will be affected by the decisions and policies that are developed by information security. Therefore, it is extremely important for the information security manager to establish good working relationships with other departments. We will talk more about these relationships later in this chapter. Security Alert! The security manager who starts off on the wrong foot is destined for failure. Many security departments and security managers failed to help organizations manage their risk by ignoring the impact of relationships. A new security manager must begin these relationships. In most cases, the information security manager will be the new kid on the block. The other departments will have well- established missions, roles, procedures, and reporting structures. The worst possible thing would be for the new information security manager to attempt to assert his authority over this existing structure. The rest of the organization would ignore the new manager and force the entire security effort to become ineffective. Challenge You are a new security manager for an organization. The first task that you have on your plate is the development of a new information security policy. You complete the policy without the help of the rest of the organization since this is your job. Now you must go out and implement the policy. As soon as you begin to work with system administrators, you get serious resistance. Then the administrators just stop working with you altogether. You approach your boss about the problem, thinking that pulling rank will get the policy implemented. Do you really think that this is the best course of action in this case? Even if your boss can or will help you put pressure on the administrators, will the policy implementation succeed? Likely, the answer is no it will not. The administrators have no interest in the policy since they view it as being shoved down their throats. The best chance you have of getting any policy implemented now is to go to the system administration staff and beg for their help in writing a new policy (don't even try to start with the original one). What then is the best way to get off on the right foot? First, remember that the information security department is likely to be new kid to the organization and thus must learn how the organization works before putting out directives that must be met or else. The security manager should start by talking to each department manager. He or she must also learn not to direct how security should be handled but to learn and work with the other departments.
Second, the information security department is charged with a mission. How this mission is accomplished is the primary job of the information security manager. The mission must be accomplished in conjunction with, not in spite of, the other departments and employees of the organization. Establishing a good working relationship so that everyone understands the need for security will go a long way to accomplishing the security department’s mission. Establishing the Role of Security The information security department was established for a reason. Depending on the organization the reason might be any of the following: • Government regulation required it. • An audit report recommended it. • Senior management or the board decided it was necessary. • The IT department decided it was necessary to have the function. In any case, a reason exists for the security department and thus a scope of operations exists as well. The scope of operations is defined by the location of the department within the organization. For example, if the information security department was established by senior management, it may have a scope that includes the entire organization. If the information security department was established by the IT director, then the scope is likely to be more limited (the IT department for instance). The reporting structure for security is only one part of establishing the role of security. The information security department should also have a mission statement and long-term goals. These should be developed and approved by the organization. Tip Work with senior management to develop the mission statement. Make sure the mission statement agrees with what senior management had in mind for the security department. Reporting Structure The reporting structure for the information security department is one of the most important aspects of the department’s creation. If the department reports too low in the organization, the scope and authority of the department will be too limited to be effective. In some cases the reporting location may also cause conflicts of interest. Figure 1-1 shows a very general organization chart with various placements for the information security department. Two of the locations are shown in medium shading. These indicate good places for the department. The first would have security reporting directly to the president or CEO. This location gives the information security department the largest possible scope and the highest possible visibility in the organization. While this reporting point is good for information security, it is not always possible. Some organizations do not wish to elevate the head of information security to the senior management team for example.
Figure 1.1: Examples of reporting points for the information security department The second good alternative would place the information security department under the organization’s general counsel. This moves the department from directly reporting to the President or CEO and yet still allows the department to have a large scope (the general counsel usually can act throughout the organization). Given that many security issues are also becoming legal issues, placement here is certainly appropriate. Some organizations place the information security department under the CFO, as indicated in light shading in Figure 1-1. While this placement is not bad, it does pose some potential conflicts of interest. Since the CFO usually looks across the organization, the scope of the information security department would not be limited. However, the CFO usually also manages the internal audit department. Information security and internal audit have similar yet different roles within an organization (see the “Relationship” section for a more complete explanation of this relationship) and therefore should be kept as separate as possible. If the CFO manages this potential conflict properly, there is no reason why placing the information security department here would not work. Information security departments are often placed below the IT department, as indicated in dark shading in Figure 1-1. This is because information security usually develops out of the IT department’s need for security policy and incident response. Unfortunately, the placement of the organization’s information security department here tends to limit the scope of the department unnecessarily. It often becomes difficult for the information security department to work effectively across the organization. Security Alert! If the security department reports to the IT department, make sure that the mission statement for the department is focused primarily on IT issues. If the mission statement is too broad, conflicts with other departments may arise. Placement of the information security department below the internal audit function (also indicated in dark shading in Figure 1-1) causes a serious conflict of interest. Information security is supposed to create and manage policy. The audit department is supposed to determine compliance. It is not appropriate for the audit department to both create policy and then determine compliance. Mission Statement In most cases, we don’t see the point of a mission statement for a department within an organization. The simple reason for this is that most mission statements are self-evident. For example, the mission of the software development department is to develop good software according to the design requirements. This seems pretty obvious.
Unfortunately, the mission of the information security department is often misunderstood. The information security department cannot guarantee the security of the organization’s information or systems. The information security department can assist in managing the information security risk to the organization but that is as far as we can go. Security in general (and information security in particular) are exercises in risk management. There are no guarantees. In fact, risk is an inevitable part of life. It is the job of the information security department to help manage the risk to the organization. Given that, what are some appropriate mission statements for the information security department? The following statements are provided as examples of good mission statements for an information security department: • To appropriately manage the information security risk to the organization by working with the various internal departments • To appropriately manage the information security risk to the organization by operating various network and system security mechanisms • To appropriately manage the information security risk to the organization by developing and managing organizational security policy • To appropriately manage the information security risk to the IT department of the organization by managing the implementation of organization security policy Please notice that each of these mission statements includes the scope of the work (the entire organization or the IT department) and the mechanism for the work. In some organizations the information security department only sets policy while in others the department will manage network devices such as firewalls and intrusion detection systems. The type of tasks that the department is expected to carry out will impact how the mission statement is worded. So why is it so important that we get the mission statement of the information security department correct? Because from the mission statement all of the work of the department is derived (see Figure 1-2). Since the mission statement will also define how the work is to be done (at a very high level) and for whom the work is to be done (the scope of the department’s authority), it is a very important statement. Figure 1.2: How the mission statement affects the work of the information security department Once the mission statement has been developed, it should be agreed to by the senior management of the organization.
Long-Term Goals As can be seen in Figure 1-2, long-term goals for the information security department flow from the department’s mission statement. Long-term goals are goals that may take several months to several years to accomplish. These are goals for the department that directly affect the ability of the department to meet the mission statement. A long-term goal for the department might be to be able to quantify the risk to the organization on a regular basis. Obviously, this goal will require significant work in various areas such as assessments, vulnerability tracking, threat identification, and policy compliance monitoring. Each of these systems may themselves take time and resources to implement. Long-term goals should be part of strategies used by the department to manage the risk to the organization. Figure 1-3 shows another way to plan the direction for the department. Following a risk assessment (see Chapter 3), the major risks to the security of information within the organization should be identified. For each major risk, a strategy should be created to manage the risk. The management of these risks becomes the long-term goal for the department. Figure 1.3: Strategies are used to manage risk. Tip At least once a year, the long-term goals of the department should be reviewed to check on progress. The review of long-term goals may also identify completed goals and new goals that must be added to respond to changes in the organization. Short-Term Objectives At least once a year short-term objectives should be identified to move the department toward meeting the long-term goals of security for the organization. These objectives can be turned into project plans for the coming year. Each project plan can be used for budgeting purposes (see Chapter 9). Short-term objectives may be the installation of a new product or the creation of a process to monitor some aspect of security. No matter how the objectives are defined, the completion of any of the objectives should lead the department closer to the long-term goal. Relationships As mentioned before, relationships will make or break the effectiveness of the information security department. Regardless of the support from senior management or the authority given to the department, the relationships that are developed between security staff and management and the rest of the organization are critical to the overall success of the department. There are two types of relationships that the security department must create: • Technical • Business
Technical relationships are those that build on the ability of the security staff to explain and understand technical issues. Business relationships are those that build on the ability of the security staff to understand the needs of the organization in order to accomplish the business of the organization. Technical Relationships As was already mentioned, technical relationships are those that build on the ability of security staff to explain and understand technical issues. In other words, technical relationships are built on mutual respect for the technical knowledge and capabilities of the security staff and the other employees or departments. Security Alert! If the security staff shows that it has no understanding of networks, systems, software development, and so on, these groups will not believe that the security department will be able to help them or understand their problems. It is also important to understand that the technical relationships between security and other departments are not always two-way relationships (see Figure 1-4). In many cases, the relationship may be one where security provides information, guidance, and assistance to the other department but does not really receive assistance in return. Figure 1.4: The directional nature of technical relationships Administrators Both system and network administrators are very technical professionals who tend to have more work then they do hours in the day. Therefore, when the issue of security comes up, the administrator is unlikely to be favorably disposed to taking on more work. How then can the security department form a relationship with system and network administrators? It is painfully obvious to anyone who has tried that attempting to threaten or force administrators to secure their systems does not work. The primary job of system and network administrators is to keep the systems up and running. They do this very well. Anything that is perceived as reducing their ability to keep the systems up is unlikely to be done. (This is not to say the administrators do not wish their systems to be secure. On the contrary, they do.)
Therefore, the security department must provide information to the administrators that shows how security can assist them in keeping the systems up. In this way, the security department shows a value to the administrators. Once a value is shown, the job of security becomes easier. Another issue that hurts the relationship between security and administrators is the perception that the security department does not understand the technical system or network issues. Often this is in fact the case and leads to security staff making recommendations or even demands that do not make sense in the technical environment of the organization. In order to build a good working relationship with administrators, the security staff needs to have technical knowledge in the following areas: • Network architecture • Network protocols (specifically TCP/IP or whatever protocols are used on site) • Basic Unix administration (basic commands and where to find files) • Basic Windows NT/2000 administration With this basic knowledge, the security staff will understand why a sniffer may not work in a switched environment or why the Unix passwd file has to be readable by all processes but the shadow file does not. Development Development staff are also very technical individuals who have project deadlines that must be met. In many cases, these deadlines are imposed by senior management for new product offerings. As with administrators, if security attempts to dictate to the developers, the relationship will fail. Security must work within the framework of the developers’ world. In most organizations, the development staff uses a development methodology. This methodology is the perfect way for security to work with the development staff. Throughout project development there are tasks that would benefit from security involvement. For example, the requirements phase of a project should consider security requirements. If the project does not take into account security during the requirements phase, the project may find that the new system has security holes when it is time for the project to go into production. By showing the development staff how security can alleviate some of the back-end headaches, the development staff can be shown a benefit to security’s involvement. As with the administration staff, development will not look kindly upon security staff who lack an understanding of the development methodology and the technical issues involved in the development process. This is not to say that the security staff must understand how to code C++, but the members of the staff that work with the developers should have some understanding of how systems are developed and coded. Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw (Addison Wesley Professional, 2001) is an excellent reference on how to write secure code. In addition, knowledge in the following areas will assist the security staff when working with development:
• System architecture • Performance testing • Software development • System integration issues (making products work together) • The organization’s development methodology Physical Security In most organizations, the department that handles the door locks, guards, cameras, and other physical security mechanisms is separate from the information security department. Yet physical security is a very important component of the overall information security of the organization. This makes it doubly important that the information security department have a good relationship with the people that handle physical security. The relationship with physical security should be a peer-to-peer relationship. The two departments should be able to reinforce and assist each other in the overall goal of improved security and reduced risk to the organization. This means that the physical security department should be involved in risk assessments and in risk management. Often, it may be found that changing physical security procedures may be cheaper and easier than enhancing computer or network security. Audit Unfortunately, the audit department is often looked at as an adversary or an antagonist by information security. Clearly, this is the wrong way to look at this relationship. The audit department serves a very important role in organizations. They are the watchdogs and the checkers who make sure that policies and procedures are followed. Auditors make sure that trust relationships between the organization and its employees are upheld. Information security and audit serve very similar roles. Both have the job of reducing the overall risk to the organization. And yet, the two departments are not direct competitors for funds and prestige. Therefore, there should be a good working relationship between the two departments. When we worked in organizations that had internal audit departments, we made it our business to meet the internal auditors and to find out how they did their jobs. In doing this, we have found individuals who wish to learn about the technology that is used in information security so that they could do their jobs better. Tip The information security department can and should provide information to the audit department about the technology and procedures that are being used to manage risk. When the auditors request to perform an audit, the information security department should be completely open with them and provide all the necessary information. Business Relationships If the security staff understands nothing else, they must understand that their job is to assist the organization in performing its primary business function. With that said, the security department must form business relationships within the organization. These are relationships where security supports the primary business function (see Figure 1-5). No business functions
will support the security department. Why? Because the security department is a support organization. Its job is to assist the business to function. It is not the function of the business departments to assist the security department. Figure 1.5: The security department supports the business of the organization. Security Alert! It is essential to reiterate that the information security staff must understand the business role of the organization they are working to protect. An ideal manager of the security department will be able to merge the business and the technical. Senior Management Security supports the senior management of the organization in its job of managing the organization. This means that security provides information to the top managers of the organization to assist them in making decisions. We will talk more about this when we discuss reporting in Chapter 11. At this point we need to talk about the relationship between the security department and the senior management of the organization. It sometimes appears that security will use the support of senior management to accomplish its tasks. For example, a letter from the CEO about compliance with security policies is often key in gaining organization buy-in. But in reality, during this whole process security is supporting the organization. The reason for this is that the development of the security policy and the organization’s compliance with it actually support the management of risk for the entire organization. The leaders of the organization are supposed to make money for the owners (or stockholders) and make the organization successful. They do this by making decisions about risk and reward. Security supports this by providing information on risk and helping to manage the security risk to the organization. Therefore, the activities of the security department should all be targeted to manage security risk. The development and deployment of a security policy is a means of doing just that. Therefore the support of the organization’s senior management is actually senior management agreeing that security is helping them manage risk to the organization. Enough of a philosophic view of the relationship. Let’s talk more down to earth. First off, the senior management of the organization must be able to trust the information that comes from the security department. This means that the security department must provide appropriate information. There should be no grand-standing and no inflation of the risks (that is, security should not go around yelling that the sky is falling). Note that an effective security department
manager will know what to worry about and, to a degree more importantly, what not to worry about. It also means that security should be staffed by professionals who have a good understanding of security and the technologies that security must affect (networks, systems, and so on). In the performance of its duty, security may be asked to comment on technical solutions. If security does not understand the technical aspects of the problem and proposed solution, how can a valid comment be made? The second key aspect of the relationship between security and senior management is that security must understand the business of the organization. This understanding is important because recommended solutions to manage risk must take into account that business must continue. Recommendations that clearly prevent business or that adversely affect the business of the organization without providing a clear benefit will not be taken seriously. If this occurs, senior management will no longer trust the opinions of the security department and thus security will not be able to provide assistance in managing business risk. The relationship with senior management is thus one of assistance and advice. Security must be trusted to know security and the business of the organization in order to supply both of these. Peers For the purpose of this discussion, we will consider all other managers, department heads, and directors who do not fit in the senior management category as peers to the security manager. For the same reason that it is important for security to support senior management, it is also important for security to support peers and peer departments. Some of these peer departments will be departments that do the business of the organization. Other peer departments will be supporting departments who assist the organization in doing business (just like security does). Security will help these other departments manage their risk and perform the functions of the business in a manner that manages the security risk to the organization. This means that the heads of these departments must understand that some things they do may cause risk. Therefore, security will be constantly educating other departments on the ramifications to the organization if a risk were to actually occur. Security must build a trust relationship with these other departments so that the other departments will follow security recommendations and come to the security department with questions. Nowhere will this relationship be more important than with the IT and development groups. We have already talked about the technical relationship with these departments. In addition to this technical relationship, there must also be a business relationship. Technically, both departments must see that security has knowledge about systems, networks, and development. From the business perspective, both departments need to see that security understands how the business functions and how IT and development assist in the business functions. The User Community The relationship between the security department and the user community of the organization may be the most important. The reason for this is very simple. The organization can spend
hundreds of thousands or even millions of dollars on security systems and technologies but a single employee who is unaware of the security policies of the organization can allow an intruder to bypass it all. This means that every employee in the organization must understand the need for security (see Chapter 7 on security awareness training). Remember that behind most security breaches are authorized users who did not follow the rules. This does not mean that the security department or the security manager will have a personal relationship with every single employee. However, employees should understand what the security department is and what its function is with regard to the organization. Employees are human and thus they will seek the path of least resistance when performing their jobs. This is not to say that employees are by nature lazy, only that human nature will seek to perform a task while expending the least amount of effort. Understanding this fact will enable the security department to develop programs and its relationship with the user community in such a way that the security risk to the organization can be managed. Since the relationship with the user community is generally not a personal one (as most other relationships will likely be), the security department will interact and relate to users in a different way. Successful security departments will provide information to the user community in such a way that the users find the information interesting. For example, the security department may run a lunch-time seminar on how to protect your kids from the dangers of the Internet. While conducting the seminar, security can provide the employees with good practices that are also in line with organization policy. Likewise, the security department could provide hints and suggestions on keeping home computers free of viruses. The information provided to the users can be the same as that required of them when performing their jobs. In both cases, the users are provided with something that can be useful and perhaps take some risk out of their lives as well as their work. These actions show the users that security can be of help to them and not just a hindrance to their work. In the best of all possible worlds, the organization will take violations of security policy as seriously as it does violations of sexual harassment policies. Most companies have a zero tolerance policy for sexual harassment. But if that same employee violates an information security policy, there is much greater tolerance. Security Alert! The security awareness of employees is perhaps the most important single factor in the overall risk to the organization. A security manager who ignores the employees will almost always fail. Legal The general counsel’s office is the department that is perhaps the closest to the security department in function. Both are in place to assist in the performance of the organization’s primary function and both are used to reduce the likelihood that something bad will happen to the organization. As more and more government regulations, such as the Health Information Portability and Accountability Act (HIPAA), are created that call for information security and information privacy, the general counsel and the security department will work more and more closely to develop appropriate policies and implement appropriate mechanisms to reduce the organization’s exposure to fines and lawsuits. Given this, the relationship between the legal office and security should be very obvious and easy to build. The security department will need the advice and guidance of the general
counsel’s office when defining policy. The legal office will need to work with the security department to determine if government regulations are being complied with and what potential legal exposures the organization may have. During a security incident (see Chapter 12), the general counsel and the security department must work very closely, with mutual trust and respect in order to limit the damage to the organization. Human Resources HR is another support department that is very important to the success of the information security department. The reason for this is simple: HR is the source of many policies that affect the overall information security risk of the organization. For example, HR may be the source of a policy that allows telecommuting. This policy has security ramifications since the employees who are working from home may have sensitive information with them or on their computers. At the same time, these computers may need connectivity back into the organization’s internal network. Both of these issues are key information security risks that must be managed by the information security department. Another important reason for a relationship with HR is that HR handles the hiring and termination of employees. This is another key risk area that the information security department must deal with. A good working relationship with HR will make the work of training new employees on the need for security much easier. At the same time, this relationship will assist in the identification of people who are no longer employees and whose access should be rescinded. If those two reasons are not enough, HR is also usually the location of the organization’s training department. Any type of security awareness program will not succeed without the assistance of HR. None of this is meant to imply that the relationship with HR is one-way. The relationship should be one of mutual trust and assistance. The security department will rely on HR to educate employees and identify the status of employees. HR will rely on the security department for the implementation of policies such as computer use, telecommuting, and so on and for the material that must be provided to the employees of the organization. Checklist: Key Roles of the Program The following is a checklist of key steps in the establishment of an information security program: • Identify the reporting structure for the information security department— try to locate the department at an appropriate place within the organization. • Learn how the organization works and what it does. • Develop a sound mission statement. • Get approval and support from management for the mission. • Identify long -term goals and a risk management strategy. • Develop short-term objectives. • Develop good technical relationships with administrators, development, physical security, and audit.
• Develop good business relationships with peers, the user community, and human resources. • Develop a good reporting mechanism for senior management. • Work with the legal department to understand the legal issues surrounding information security within the organization. Chapter 2: Laws and Regulations Overview Many companies are regulated by federal, state, and local statutes. As more companies utilize information technology as a core part of their business operations, there are more regulations specifically aimed at ensuring that information is appropriately protected. Without doubt the most regulated are the financial services and medical industries. These industries have long had requirements for protecting the privacy of customer and patient data. With the increased usage and dependence on information systems and networks, the government has begun to pass legislation specifically aimed at controlling access to and protecting the confidentiality of such information. You must ensure that your information security program helps the company stay compliant with all relevant regulations. Most recently, the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) have put very specific requirements on the way financial services firms and healthcare organizations protect information. HIPAA even has criminal penalties for failure to comply. Specifically, violations of the provisions in HIPAA can result in $100 for each violation, subject to a $25,000 limit for all violations of the same “requirement or prohibition” during the same calendar year. Given the numerous “requirements or prohibitions” under HIPAA, a $25,000 limit per requirement or prohibition can add up quickly. The law is even harsher on those who intentionally violate HIPAA. The lowest penalty is a fine of up to $50,000 and imprisonment for up to a year, which increases to $100,000 and up to five years in prison if the offense is committed under false pretenses, and which tops out at $250,000 and up to ten years in prison if the violation is committed “with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.” This is pretty serious business. GLBA and HIPAA will have a significant impact on financial services and healthcare organizations. They require formal information security programs to be established and recognized by senior management. The GLBA states that the board of directors must approve the information security plan. Similarly, HIPAA mandates a formal information security and privacy infrastructure. HIPAA is a huge endeavor that will cost healthcare organizations a huge amount of money. For the first time information security risk is being laid in the hands of the most senior management. These new regulations are forcing organizations to create formal information security programs and spend money to ensure they are adequately protecting information systems. For some these laws might seem like a burden. For others it might be a blessing because now there is less guessing about what the program should include and it will likely bring more funding for the information security budget.
Another Random Scribd Document with Unrelated Content
efficace des o eaux visibles du baptême est étendu par Origène au chrême visible In epist. ad Rom., 1. V. n. X. P. (,..t. xiv, col. 1C38CD. L'application du symbolisme à l'eucharistie est plus délicate. L'eucharistie est un sacrement à part, puisque le symbolisme affirmé par saint Paul n'empêche pas la realité même du corps et du sang signifiée par les symboles extérieurs. 11 y a pour ainsi dire une double efficacité dans le symbolisme eucharistique, l'une relative à la présence du corps et du sang sous le symbole du pain et du vin. l'autre relative à la nourriture spirituelle de l'âme par la grâce produite I communiant bien disposé. Là où Origène se laisse entraîner par le symbolisme extérieur des espèces sacramentelles, il semble oublier la présence réelle, lai réalité, il professe sur ce point la foi de e et la croyance commune. Voir ici une mise au point exacte, t. xi, col. 1558-1560. On devra corriger l'appréciation un peu trop absolue de Pourrat, op. cit.. p. 7. Si les allégories qu'Origène superpose au dogme de la présence réelle n'ont plus trait à l'eucharistie. il n'en reste pas moins vrai que le double symbolisme et l'efficacité du symbole eucharistique n'est pas ignoré de cet auteur, témoin ce texte du Contra Celsum. I. VIII, n. 33 : « Rendant grâces au démiurge de l'univers, nous mangeons les pains que nous (lui)offrons avec action de grâces et prières pour (tous ses) dons: (nous mangeons ces pains) devenus corps par la prière, quelque chose de saint et qui sanctifie ceux qui en usent avec un sain propos. » P. G., t. xi, col. 15G5 C. Cf. P. Batiffol, L'eucharistie, la présence réelle et la transsubstantiation. Paris. 1913, p. 'JC,4-20.r>. L'efficacité du sacrement de pénitence est d'autant plus marquée chez Origène qu'on trouve indiqués par lui d'autres modes de rémission des péchés, le martyre. l'aumône, le pardon des injures, le zèle pour la conversion des pécheurs, l'amour de Dieu. In Levit.. hom. n, n. I. /'. G., t. xn. col. 117-119. Mais la pénitence tient une place à part : c'est qu'elle est un pouvoir de lier et de délier, de remettre et de retenir les péchés,. donné par Dieu aux chefs de l'Église. In Jud., hom. n. n â. /'. G., t. xn. col. 961 A; In Matth., t. xn, n. 1 1 : t. xiii, col. 1012-1013. Toutefois l'efficacité du sacrement n'est pas telle que les prêtres puissent, par li- seul effet de leurs prières, remettre les péchés les plus graves. Voir sur ce texte du De
oratione, l'art. Origène. t. xi, col. 1557. â. La théologie grecqne.au m* siècle, après Origène. — La théologie postérieure à Origène maintient, au sujet des sacrements, la notion du symbole et de l'efficacité sacramentels. Le rite du baptême, tel que le décrit la Didascalie, est conforme au symbolisme exprimé par saint Paul. Édition de Punk. 111. xn (parallèle aux Constitutions apostoliques, xvi), n. 2. p. 210. L'efficacité du baptême est rappelée en quelques mots expressifs : c'est un sceau, un sceau infrangible, imprimé par Dieu sur le chrétien, II. xxxix. 6. p. 126; cf. III. xn (xvi), 2, p. 210; l'achèvement de l'homme, ibid., p. 126; cf. Théognoste, Fragm., P. G., t. x, col. 240, 241. Un autre effet du baptême est de remettre les péchés, d'engendrer le néophyte à une vie nouvelle, de lui donner le Saint-Esprit, d'en faire un autre Christ. Didasc, II, xxxix. I. p. 121.; V. ix. 1.5. p. 262; VI, xn, 2, p. 326r xvii (xxn), 1. p. 354; xvm (xxm). 4- 5, p. 358; xxi (xxvii). 5. p. 371-372. Cf. Méthode d'Olympe, Convivium. VIII. vin, ix. /'. G., t. xvm. col. 149, 152. Le symbolisme eucharistique est également marqué, mais d'une façon conforme aux exigences du dogme de la présence réelle. L'eucharistie est le pain sanctifié par ks invocations. Didasc. VI. xxn ixxvni), 2, p. 376: elle est une nourriture sainte, âyiot rpoip"/) ou simplement les choses saintes, -rà ôcyia. Denys d'Alexandrie, Fragm.. édit. E. Feltoe. Cambridge, 1904, p. 58, 59, 103; ou encore les choses saintes parmi les saintes, -y. ■/•-.-/. tcôv àyicov. Id.. ibid.. p. 103. Le Dialogue d'Adamantins qui emploie parfois des termes d'un réalisme accentué (par exemple : toucher le corps et le sang du Christ) revient ensuite au symbolisme : le Christ a fait du pain et du breuvage les images. eÏxoveç, de son corps et de son sang. IV. M. P. G., t. xi. col. 1840 BC. De même la Didascalie, du moins d'après le texte grec concordant des Constitutions apostoliques. 1. VI, c. xxx, n. 2, édit. Funk. p. 381. invite les fidèles a offrir < l'eucharistie agréable ,. image du corps royal du Christ . xvrtruirov toû fitxaiXeîou op.aâTOÇ Xpicroû. Voir aussi xxn. 2. p. 376. ( les manières de parler... ne supposent nullement que ceux qui les emploient sont des symbolistes. Elles marquent seulement le caractère de signe et de symbole
The text on this page is estimated to be only 22.48% accurate 505 SACREMENTS. NOTION. LES PÈRES GRECS ,06 qui convient dans l'eucharistie aux éléments sensibles. Le pain et le vin sont les figures, les antitypes du corps et du sang en quoi ils sont intérieurement transformés, et qui sont devenus nourriture et breuvage pour nous.» Tixeront. Histoire des dogmes, t. i, Paris, 1915, p 198 499. Et c'est le Saint-Esprit qui est le principe de eette sanctification. Le pouvoir de lier et de délier implique pour l'évêque le pouvoir de pardonner les tant es il de purifier le pécheur. Didascalie, II, xi, 2; xn, 1-3, p. 16-48; xvi. s, p. 60; xviii. i-:;. p. 64; x. 2. 5, 8, p. 72. 74. Cf. Méthode d'Olympe, De lu lèpre, vu, 1-7. éd. Bonwe1 sch.p. 459-460. L'imposition île la main est le geste symbolique qui marque la réconciliation : La Didascalie remarque expressément que, par cette imposil ion de la main, qui est comme un second baptême, le pénitent recevait le Saint-Esprit, témoignage non équivoque de la purification intérieuie qu'opérait l'absolution, et de son caractère sacramentel. ront, op. cit., p. 504. Cf. Didascalie, II, xi.i, 2. p. 130; et xviii, 7. p. 66. C'est encore le geste de l'imposition des mains, XE!.po0£(TÎa, qui confère le presbytérat et le diaconat. Concile de Néocésarée, can. 9; cf. Hefele-Leclercq, Hisl. des conciles, t. i, p. 331 (l'imposition de la main qui confère l'ordination remet les péchés autres que l'impureté). Sur ce rite et son symbolisme efficace, voir Ordre, t. xi. col. 1215 sq. Quelques indications relatives au caractère sanctifiant du mariage peuvent être trouvées dans la Didascalie, IV, xi, 6, p. 231: VI. xxn (xxix). 6-8, 10, p. 378, 380. 6. La théologie grecque au IV siècle. — Au [Ve siècle, le symbolisme baptismal, tel que l'avait formulé Origène d'après saint Paul, est entré nettement dans l'explication du sacrement. Toutefois, tandis qu'Origène faisait dériver l'efficacité du baptême de l'invocation de la Trinité, les Pères grecs, à la suite des controverses sur la divinité du Saint-Esprit, expliqueront l'efficacité du rite baptismal par la présence et l'action de l'Esprit-Saint dans l'eau. Ils s'appuient sur Joa., ni, 5. D'ailleurs ils marquent nettement, et notamment saint Jean Cbrysostome, que, dans l'administration des saints mystères,
l'acteur principal est Dieu, le prêtre n'est que l'instrument de Dieu : «Le prêtre ne fait qu'ouvrir la bouche: Dieu fait tout. Le prêtre accomplit seulement un signe symbolique... L'oblation est la même, que ce suit celle de Paul ou de Pierre... » In epist. //lm ad Tim., boni, n, n. 4, P. G., t. i.xii. col. 612. Et encore : Quand le prêtre baptise, ce n'est pas lui qui baptise, mais Dieu dont l'invisible présence tient la tète du baptisé. » In Malth., hom. i., n. .". ; cf. In Act. aposl., hom. i. n. 3, P. G., t. lvii, col. 507; t. i.x, col. 110. Bien plus, Jean enseigne l'efficacité des sacrements, même administrés par des indignes : 1 heu n'impose pas les mains à tous, mais il agit par tous (les prêtres), mi indignes, pour sauver le peuple , In epist. II"" ad Tim., hom. n, n. 3, P. G., t. i.xii, col. 609. Nous sommes bien près du concept de symbole efficace ex opere operalo, que précisera la théologie médiévale et que consacrera le concile de Trente. Saint Grégoire de Nazianze, distinguant d'ailleurs six espèces de baptême, déclare que celui île Jésus est non seulement dans l'eau in psenitentiam, an l'Esprit, et c'est ce qui fait sou t-f 1 1. . m i t < Oral., xxxix. n. 17. 19, /'. G., t. xxxvi, col, 356 sq. C'est aussi la doctrine de saint I lasile : si l'eau bapl ismale a en elle quelque grâce, elle ne la tienl pas Or • .a propre nature, mais de la présence de l'Esprit-Saint, zv. rr,ç toû Y)z'i'}.-/-'jc 7tapou
The text on this page is estimated to be only 24.61% accurate 507 SACREMENTS. NOTION, LES PÈRES LATINS 508 confirmation était comme un complément du baptême et, pour ce motif, n'en était pas toujours nettement distingué. Voir ici Confirmation, t. ni. col. 10321033. Néanmoins Didyme l'Aveugli le distingue expressément. De Trinitate, 1. II. c. xu, P. G., l xxxix, col. 660 A. Cf. Hardy, Didyme l'Aveugle, Paris, 1910, p. 150. Saint Cyrille de Jérusalem lui consacre la catéchèse xxi.P. G., t. XXXIII, col. 1089 sq. Ce l'ère a bien mis en relief le symbolisme efficace de la continuai ion : L'huile parfumée 'w'jzvj. -/cln-iy. qui devait servir à l'onction était préalablement bénite par l'évêque. Dès lors, ce n'était plus, d'après la théorie de saint Cyrille, du chrême simple (u.ùpov y'./.ov i : mais, de même que le pain euchai istitjtic de îeut. par l'épi le corps du Christ, ainsi le chrême, par l'invocation, est devenu » le charisme du Christ productif du Saintk Esprit, par la présence de sa divinité . Xpioroû /ipiapta xal IIveopJXTOÇ â-flou, Trapouaîa rr.c 7.Jtvj (iz'jT rrroç èvepYerntôv yivôiisvov. Cat., xxi. .''>. ibid., col. lO'.t'J V Le Saint-Espiil est dans le chrême. comme il est dans l'eau baptismale, et il agit en lui et par lui. Ainsi l'huile parfumée est l'antitype, iv-i-rj-ov, du Saint-Esprit, ibid., I, col. 1089 A. Expression qui ne signifie pas — comme on peut le voir — qu'elle en est un simple symbole ou une simple image, mais qu'elle le contient et constitue l'élément sous lequel il exerce et cache son action. » 'fixeront. Hist. des dogmes, t. n, p. 170-171. L'effet de la confirmation est souvent indiqué par le mot açpxviç. La formule du rite (forme) était, d'après saint Cyrille : — çpa■fiç Sojpsàç xoO IIvE'J(xaToc iyî'j'j. Cat., xvm, 33, col. 1056 B. Cf. Ct t., m. i:>. xvm, 33, xxi. 1 ; xxn, 7. col. 448 A, 1056 B, 1092 H. tint B; S. Athanase, Epist. ad Serapionem, in, n. 3, P. G., t. xxvi. col. 628 B; Didyme, De Trinitate, 1. II. c. xiv. I>. G.. t. xxxix, col. 712; le Satramentaire de Sérapiun. xx, n. 2. dans Funk, Didasealia et < jinstitutiones aposl., t. n, p. 18f>: Constituliones apost., III, xvn, 1; VII, xxn. 2 ibid., t. i, p. 211, 406. Écho de la doctrine déjà implicitement acquise de l'ex opère operato. En ce qui concerne l'eucharistie, le symbolisme
d'Origène est tenu en méfiance par les Cappadociens et trouve des adversaires irréductibles chez les Antiochiens, notamment Théodoie de Mopsueste et Jean Chrysostome. La réaction de Chrysostome est même excessive. S. Jean Chrysostome, In Joannem. hoin. xi.vi. n. 3; cf. In Matth., nom. i.xxxii, n. -1. P. G.. t. lix, col. 260-261, t. lviii, col. 743. Voir Tixeront, op. cit., p. 178-180. Athanase et Didyme sont dans une note réaliste qui se contente d'affirmer la présence réelle. Id.. p. 173-174. Mais, pour autant, le symbolisme ne perd pas ses droits. Dans la formule d'anamnèse qu'il présente, l'euchologe de Sérapion appelle le pain et le vin la icssemblance, ôp.oîcou.a, du corps et du sang du Monogène, xin, 12, 14, dans Funk, op. cit., t. il, p. 175. Dans son homélie xxvn, n. 17, Macaire écrit que les prophètes et les rois ont ignoré « que dans l'Église est offert le pain et le vin, figure (àvri-ruTCOv) de la chair et du sang du Christ : ceux qui participent à ce pain visible mangent spirituellement iuvsuu/xtixôç) la chair du Seigneur ». P. G., t. xxxiv. col. 705 B. Ce mot àv-rf-ruitov se lit également chez Cyrille de Jérusalem, Cat., xxm, 20; cf. xxn, 3, P. G., t. xxxiii, col. 1124 C. 1100 A: chez Grégoire de Nazianze, Oral., vin, n. 18, P. G., t. xxxv, col. 809 D; chez Épiphane Adv. hser.. lv, n. 6, P. G., t. xl, col. 981 AB. La doctrine de la conversion du pain aux corpi . du vin au sang, qui est à la base de toute la pensée des Pères grecs du iv siècle, explique l'emploi des mots 6u.oluu.oc et 4vtêtu7TOM et réduit le symbolisme eucharistique à ses justes propositons. Pour le comprendre, on devra observer que. « pour ces auteurs, le pain ct le vin, dans leui être naturel, ou par une institution de Dieu ou de Jésus-Christ, sont déjà une figure, un symbole du corps et du sang du Sauveur; (pie ces éléments deviennent, en effet, par la cori . cration - et dans leurs espèces — les signes sensibles du Christ corporellement présent, l'enveloppe réelle qui le contient ct sou, laquelle les fidèles le reçoivent. Rappelions-nous la théorie de saint Cyrille sur le chrême de la confirmation, antitype du Saint-Esprit . Tixeront, op. cit., p. 177. 178. Mais, par rapport au chrétien, ce corps et ce sang du Christ sont nourriture et breuvage spirituels. I e second sj mbolisme efficace, c'est-à-dire producteur de vie surnaturelle, est souligné par nos auteurs. Le corps est un pain spirituel, le sang un vin spirituel.
Cyrille, Cat., iv, 8, P. G., t. xxxiii. col. 165 A. Ils ^ont nourriture supersubstantielle (è7rioùaioç) destinée à sustenter à la fois l'âme et le corps. Caf.,xxm, 15, col. 1 120B. Grégoire de Nysse esquisse même une sorte d'explication scientifique de la transsubstantiation : la lle-t». 7cotïjtriç. Sur cette explication voir Tixeront, op. cit.. [). 182-183. Mais, par rapport à nous, le résultat de cette assimilation spontanée ■ est notre divinisation par l'union au corps de Dieu, notre incorruptibilité par notre communion à l'incorruptible. Dans les autres sacrements, la notion de symbole efficace apparaît beaucoup moins. L'efficacité de la pénitence est affirmée contre les novatiens. Grégoire de Nazianze. <>rat., xxxix. 19, P. C, t. xxxvi. col. 357 B. Quant à l'ordre, le geste symbolique et efficace de l'imposition des mains est indiqué par tous comme le moyen de conférer le sacrement. Consl. apost., 1. VIII, xvi. 2; xix. 2, édit. Funk. p. 523, 525. Seul, l'évêque peut, par l'imposition des mains, conférer l'ordre. Id., ibid., cf. xi.vi. II, p. 561. Mais cette imposition des mains était accompagnée de prières dont l'euchologe de Sérapion. xxvi-xxviii, édit. Funk, p. 189, 191 et les Constitutions apostoliques donnent les formules : VIII, v, p. 4 75 sq. ; cf. xvi, 2, p. 523 (prêtre); xvm, p. 523 (diacre); xx, p. 525 (diaconesse): xxi, 3, p. 527 (sous-diacre); xxn, 3, p. 527 (lecteurs). L'effet du sacrement est également affirmé. Saint Grégoire de Nysse observe que cet eflet est de séparer le prêtie du reste des chrétiens : bien qu'extérieurement il paraisse rester le même, une transformation intérieure s'opère en lui par une grâce et une vertu invisibles. Saint Grégoire compare cette transformation a la consécration des autels eu à la conversion eucharistique : ce qui implique un caractère permanent et stable. In baplismum Christi, P. G., t. xlvi, col. 583. Saint Jean Chrysostome, en faisant l'éloge du mariage, reprend le symbolisme indiqué par saint Paul. Eph., v, 22-23. In Eph., hom. xx, n. 4, P. G., t. i.xn. col. 139- 140. 2° Les Pères latins. — Si la notion du symbolisme efficace trouve déjà, chez les Grecs, une réelle consistance dès le ive siècle, elle nous apparaît, bien plus nette encore, principalement en ce qui concerne le baptême et l'eucharistie, dans l'Église latine. C'est d'ailleurs, comme le fait observer P. Pourrat, dans l'Église latine que s'est véritablement développée la théologie sacramentaire. Op. cit.,
p. 12. 1. Autour de Tertullien. — En même temps qu'il fait l'application du mot sacramentum aux rites sanctificateurs, Tertullien commence à analyser le symbolisme efficace que recouvre la notion de sacrement. II faut avouer toutefois que sa doctrine de la corporéité relative de l'âme l'a ici desservi. Cf. É. de Backer, Sacramer.tum. Le mot et l'idée représentée par lai aans les oeuvres de Tertullien, Paris, 1905, p. 113 sq. Toutefois, il serait inexact de prétendre que Tertullien a ignoré le symbolisme sacramentel. Le symbolisme qu'il discerne est celui qui résulte de l'appropriation du rite à son effet. Un texte est vraiment remarquable
The text on this page is estimated to be only 23.19% accurate ,ll!t SACREMENTS. NOTION, LES PÈRES LATINS à ce sujet : il marque à la fois l'action extérieure parfaitement physique et réelle et, à côté de cette opération corporelle, l'effet spirituel qu'elle Hgure e1 (ju'elle produit : Caro ubluilur ut anima emaculelw; raro ungitur, ut anima consecretur; caro signatur, ut et anima muniatur; caro manus impositioneadumbralur, ut et anima spiritu illuminelur; caro corpore et sinnunnr Chrisli vescilur, ut et anima de Deo saginetur. De resurreetione carnis, c, vin. P. I... t. 11, col. 806 B. On i rouve d'ailleurs l'expression du menu- symbolisme appliqué au baptême eu d'autres écrits. Voir surtout De preescript.. c. xl. t. ri, col. 54: De baptismo, c. i. iv. ix. t. i. col. 1197, 1203, 1209. L'explication de l'efficacité du symbole sacramentel se ressent quelque peu de la philosophie matérialiste de l'auteur. Si le prêtre invoque le Saint- Esprit pour bénir les fonts, e'est que le Saint-Esprit descend dans l'eau pour lui donnei une vertu sanctificatrice. De baptismo, c. îv, t.i. col. 1204 A; cf. e. vm, col. 1207. L'imposition des mains qui suit l'ablution — vraisemblablement la confirmation — fait circuler le Saint-Espri* en nous, comme le jeu des doigts fait circuler l'air dans l'orgue. Id., ibid. Sur cette image, voir De an ima. c. m, iv, t. n, col. (151. (152. Une telle explication de l'efficacité sacramentelle — si exacte soit-elle sous un certain aspect (les textes du missel, au samedi saint, en font foi) — paraît néanmoins diminuer l'importance des paroles qui constituent ce que nous appelons la forme du sacrement. Et peut-être bien les formules de Tertullien, qu'on retrouve équivalemment chez d'autres Pères, représentent-elles une tradition dont on n'a pas assez tenu compte dans l'idée qu'on doit se faire de la réalité du sacrement. Voir plus loin, col. 533-534; 575. On sait que le symbolisme sacramentel, appliqué par Tertullien à l'eucharistie, l'a fait accuser d'enseigner un symbolisme excluant la présence réelle. Voir l'interprétation de la pensée de Tertullien, t. v, eol. 1130 sq. 11 semble bien que l'allégorisme scripturaire se complète du symbolisme sacramentel, tout en respectant la réalité de la présence eucharistique qu'exprime nettement Tertullien en
maints endroits. Voir les références, t. v. col. 1130: A. d'Alès, Lu théo la/lie de Tertullien, p. 355 sq.; P. BatifTol. L'eucharistie, la présence réelle et la transsubstantiation, Paris, 1913, p. 204-226. Cf. Tixeronl, op. cit., p. 135. Si Tertullien donne le nom de sacrement au baptême, a la confirmation, à l'eucharistie et au mariage, voir ci- dessus, col. 489, il sait que la pénitence est elle aussi un signe sacré qui sanctifie celui qui la revoit. Le symbolisme du signe est peu marqué, mais son efficacité apparaît surtout dans le parallélisme établi entre le baptême et la pénitence. Analogie des effets : le baptême suppose une. pénitence qui a pour but de purifier et d'affermir le catéchumène de façon a rendre durable l'effet du sacrement. De pœnitenlia, c. vi, t. r, col. 1237 sq. Mais les défaillances se produisent, auxquelles Dieu remédie en offrant aux pécheurs une « planche de salul : » Une fois fermée la porte du pardon, une fois tiré le verrou du bapl ême, Dieu a permis qu'il demeurât encore une ouverture : il a placé dans le vestibule (de l'Église) une seconde pénitence, qu'il ouvre à ceux qui frappent. C. vu, col. 1241 B. Cette pénitence implique des rites extérieurs : confession, expiation plus ou moins longue, réconciliation par le ministère de l'évêque. C. vin, ix, 1. 1, col. 1243-1244: cf. De pudicitia, c. x, xvm, t. n. col. 1000 li: 1016 1017. Sur la forme de celte réconciliation, Tertullien ne nous donne pas de détails, mais l'effet de la uriiiu accordée par l'évêque est de taire disparaître le péché. Cette vérité, à peine esquissée uans le De psenitentia, est mise in meilleure évidence, quoique avec îles restrictions par où s'affirme l'hérésie montaniste, dan-, le De pudicitia. c. ri, lanne deliclum mit venin dispungit aut pâma... P. I... t. n, col. 985 A. Cf. Galt ici, L'Église et la rémission des péchés dans 1rs premiers siècles, p. 32; A. d'Ales. La théologie de Tertullien. p. :;i7. Le rite par lequel et aient confères les différents ordi es es1 déjà appelé par Tertullien ordinalio. De prœscript.. c. xii. t. n. eol. 56. On sait que cette ordinalio se faisait par l'imposition des mains, voir Ordre, t. xi. col. 1245-1246. Tertullien ne nous cl ï t rien de la prière qui accompagnait cette imposition des mains. Mais on peut supposer, d'après les documents quasicontemporains. i[ue cette prière appelait le SaintEsprit da.is l'âme des ordinands. Voir la Tradition apostolique
d'Hippolyte, dans Duchesne, Les origines du culte chrétien, 5° éd.. appendice, et le De aleatonbus. ::. dans Texte und L'ntersuchungen. t. v, fasc. 1. Leipzig, 18Ï8. p. ltî. Quant au mariage, Teitullien lui attribue le nom de saerainenlum et lui reconnaît, après saint Paul, le symbolisme de l'union de Jésus-Christ et de l'Église. Ce symbolisme sacramentaire existait déjà dès le début de l'humanité, proclamé par Adam lui-même. Dr anima, c. xi. I'. L.. t. n, col. 665 B. Que le mariage entre chrétiens soit chose sainte. Tertullien l'affirme hautement dans le Ad uxorem. 1. 11, c. ix; la grâce du baptême sanctifie le mariage contracté dans la gentilité et Dieu le ratifie. Ibid.. c. vu, t. ï, col. 1302 B. 1299 A. Bien plus, le rite et l'efficacité du sacrement semblent déjà suffisamment exprimés dans cette phrase du c. ix : Sufficiamus ad enarrandam felicitatem ejus matrimonii, quod Ecclesia conciliai, et confirmai oblalio,
The text on this page is estimated to be only 25.48% accurate 51 I SACREMENTS. NOTION, LES PÈRES LATINS .12 la controverse, mais simplement à en dégager les conséquences dogmatiques au point de vue de la théologie générale des sacrements. D'une part. Cyprien et ies rebaptisants, tout comme leurs adversaires, confessent que l'efficacité des sacrements leur vient du Saint-Esprit. D'autre part, ils attachent l'action du Saint- Esprit au fait d'appartenir à l'Église. Comment le ministre qui, n'étant pas dans I I n'a ni la vraie foi, ni la grâce, ni le Saint-Esprit, pourrait- il en faire part à un autre? Episl., lxx, n. 1 : lxix. n. .S; lxxi. n. 1. p. 767, 757, 771. Les hérétiques sont donc incapables de conférer validement baptême, confirmation et ordre : hœrelicum hominem sieut ordinare non licet, ncc mamim imponere, ita nec baptizare, née quicquam tancte et spiritualiler gerere, quando aliénas sit a spiritali et deijica sanctitate. Epist.. lxxv, n. 7, p. 81"). L'attitude du pape Etienne et le triomphe partiel de sa pratique montrèrent qu'une tradition dogmatique (nihil innovelur nisi quod traditch est ) existait dans l'Église, disjoignant la question de la validité de celle de la licéité ou même de la fructuosité du sacrement, ou encore la question du pouvoir et celle de la valeur morale ou de la foi du mini. Ire. Le parti romain n'avait pas manqué d'ailleurs de mettre en relief, d'une manière explicite, cette dernière distinction : il insistait sur la puissance des noms divins invoqués dans la formule baptismale, puissance qui s'exerce indépendamment de la foi ou de la dignité du ministre. Cf. S. Cyprien, Epist., i.xxm, n. 4; i.xxv. n. 9, p. 781. 81."). C'est surtout dans le Liber de rebaptismate qu'est exposée cette considération dogmatique. Pour recevoir toute l'efficacité du baptême, remarque l'auteur de cet écrit, il faut renaître de l'eau et de l'Esprit. C. Il, éd. Hartel, p. 71. Sans doute, renaître de l'Esprit est la chose principale, puisque la cérémonie de l'immersion est susceptible d'être suppléée, comme on le voit dans le martyre. C. xi, xiv, xv, p. 83, 86-87, 88-89. Toutefois, on peut renaître de l'eau sans renaître de l'Esprit : l'un peut aller sans l'autre. C. in, iv, p. 73-74. Ainsi en est-il dans le baptême des hérétiques. L'immersion faite par
un hérétique > au nom de Jésus » (sur cette formule employée par les Romains, voir A. d'Alès, La théologie de saint Cyprien, p. 228- 229) garde la vertu de cette invocation, et cette vertu est telle qu'elle commence l'œuvre de la régénération. Le rite n'a pas besoin d'être renouvelé. C. vi, vu, x. xn, xvi. p. 76-7X. 81. 83, 87. Si le baptisé meurt avant de revenir à la vraie foi, son baptême non seulement ne lui sert de rien, c. vi, vu, x, mais il aggrave sa condamnation. Par contre, s'il se convertit, c'est assez de compléter, par la collation du Saint-Esprit (l'imposition des mains), la première cérémonie, pour qu'elle obtienne son plein et entier effet. C. x. cf. c. xn; xv. On le voit, la querelle des rebaptisants servit, à sa manière, à faire progresser le dogme de l'efficacité du rite baptismal. Par contre, le symbolisme sacramentel n'est envisagé par Cyprien que d'une manière rapide et superficielle. L'eau signifie l'ablution intérieure de l'âme; elle garde sa signification, quel que soit le mode du baptême, immersion ou simple aspersion (infusion). Epist., i.xix, n. 12. p. 761. De même, l'huile est l'image de l'onction spirituelle de l'âme. Epist., lxx, n. 2, n. 768. I e i il- m rement est également appliqué par Cyprien a la confirmation (saeramenlo utroque mis euntur). Epist.. lxxii, n. 1; cf. lxxiii. n. 21. p. 775, 79.">. L'évêque de Carthage en indique le fruit propre : signaculum divinum, Epist.. i.xxm, n. y. p. 785; cf. n. 6, p. 783; ou signum Christi. Ad Demetrianiun c. xxii, p. 367. Pour la validité de la confirmation, connue pour celle 'lu baptême, Cyprien (comme Firl .l'un faux supposé, a savoir que pour donner le Saint-Esprit au nom du Christ, le ministre doit déjà le posséder connue mandataire de l l glise. Epist.. lxxv, n. 12. p. 81S et n. 18. p. 822. Mais, en affirmant que l'imposition des mains (manuum imponere ad accipiendum Spirilum Sanction ) confère le Saint-Esprit. Cyprien n'ignore pas que le baptême est inséparable du Saint-Esprit. La confirmation ne fait donc qu'apporter une plénitude d'un don déjà possédé. Epist.. i.xxiv. p. 802; cf. iT irmilieii ) Epist., lxxv, n. 9, p. 816. En ce qui concerne le sacrement de l'eucharistie, le symbolisme sacramentel est fortement développé et utilisé. Rappelons tout d'abord que la foi de saint Cyprien en la présence réelle est aussi ferme que possible. Voir ici Eucharistie, t. v, col. 1132 sq.; cf. .1. 'fixeront, op. cit.. t. i. p. 136
sq.; P. Batiffol, op. cit., p. 227 sq. Sous ce rapport, l'efficacité du sacrement est donc indiscutable. Son symbolisme est multiple et Cyprien en présente les différents aspects selon les exigences de la controverse. Défenseur de l'unité de l'Église contre les novatiens, il trouve dans l'eucharistie le symbole de cette unité. Le pain est composé dune multitude de grains de froment moulus ensemble: il représente les fidèles unis au Christ et ne formant qu'un corps mystique avec lui. Epist., i.xix. n. 5, p. 72n. C.- symbolisme avait déjà été souligné. par la Didachè, voir col. 199. Quelques évêques d'Afrique avaient une pratique singulière, celle de ne mettre dans le calice que de l'eau, sans vin. A ces ■ aquariens », Cyprien rappelle dans la lettre lxhi la discipline de l'Église sur ce point et le symbolisme qu'il comporte : il faut les deux, vin et eau; l'eau mélangée au vin est la figure du peuple chrétien uni au Christ, n. 13, p. 711. Le symbolisme du sacrement se retrouve également dans le sacrifice : l'eucharistie est le symbole lu sacrifice du Christ; mais elle n'est pas un pur symbole, elle est aussi un vrai et complet sacrifice, n. 17, p. 715. Le sacrifice de l'eucharistie est une représentation du sacrifice du Christ, mais une représentation qui en contient vraiment la réalité. Voir le développement de ces idées dans A. d'Alès, op. cit., p. 249-262. L'efficacité du sacrement existe également par rapport aux effets produits par l'eucharistie dans l'âme du chrétien. Avant tout, l'eucharistie produit notre incorporation au Christ : « Nous demandons chaque jour que notre pain, c'est-à-dire le Christ, nous soit donné; afin que. demeurant et vivant dans le Christ, nous ne nous séparions pas de ce corps qui nous apporte la sanctification. «De oiat. dom., c. xvm. édit. Hartel, p. 280. L'eucharistie est encore le sacrement de la force et de la vaillance spirituelles, le sacrement qui fait les martyrs. Aussi, à l'approche de la persécution, saint Cyprien décide-t-il de relâcher quelque chose de la rigueur ordinaire et d'admettre à la communion même les apostats, s'ils donnent des gages de repentir. Ne faut-il pas les munir pour la vie et les armei pour de nouveaux combats? Epist., lvii, n. 2. p. 651 i Ce qui est à remarquer chez Cyprien, c'est la manière dont il veut, à l'exemple de Tcrtullicn dont il s'inspire volontiers, rendre sensible la réalité de l'action divine dans le sacrement. Tout le passage du lie oratione
dominica, dont nous venons de donner la conclusion, marque cette action dans l'eucharistie. Voir A. d'Alès, La théologie de saint Cyprien, p. 268-269. La pénitence est présentée par Cyprien comme la rémission des péchés par le ministère des prêtres. De lapsis. n. 29. p. 2.">S. Cefte seule indication suffirait a montrer que la pénitence est un sacrement. Confession (exomologèse), satisfaction, réconciliation, tels sont les trois actes de la pénitence, tels que Cyprien. âpre, Tertullien, les énumère et décrit. Les mots dont Cyprien se sert pour parler de la réconciliation :
The text on this page is estimated to be only 24.13% accurate 513 SACREMENTS. NOTION, LES PÈRES LATINS remissio, pax, communicatio (participation à la communion), indiquent bien l'effet même du sacrement. Comme Tertullien, Cyprien nous montre le rite de la réconciliation dans l'imposition des mains accomplie par l'évêque et par le clergé. Epist., xv, n. 1, p. 514; xvi. n. 2, p. 518; xvn, n. 2, p. 522; xvin. n. 1, p. 524; xix. n. 2. p. 525; i.xxi. n. 2, p. 772; lxxiv. n. 1. p. 799 (citation «lu pape Etienne), n. 12. p. 809. On trouve la même imposition de.s mains pour la réconciliation des pénitents dans deux suffrages émis au concile de septembre 256, Senientise episcoporum, n. 8 et 22, p. 441. 1 15. Nous avons ainsi, chez Cyprien, tout l'essentiel du rite sacramentel de la pénitence. Cyprien s'étend longuement sur les qualités que doivent posséder les évèques et les ministres inférieurs à l'épiscopat. 11 détaille minutieusement toutes les conditions d'une ordinatio justa et légitima. Mais il est. au contraire, très discret sur le rite sacramentel de l'ordination. Chez Cyprien. les mois ordinare, ordinatio, Epist.. lxxii, n. 2. p. 776; lxvii, n. 4, p. 738; xxxviii. p. 579-581, et d'autres mots dans le cas du prêtre et des sous-diacres et lecteurs, Epist., xr, p. 585-580, désignent immédiatement l'élection même à l'ordre; mais, dans leur sens plénier, ils expriment aussi le rite sacramentel, qu'à coup sur Cyprien ne méconnaît pas. Il y fait même une allusion directe, à propos de la consécration épiscopale de Sabinus Epist., lxvii, n. 5, p. 739. Une autre allusion se rencontre sous la plume du pape Corneille, écrivant à Cyprien, Epist., xlix, n. 1. p. 610, à propos de Xovatien, qui, on le sait, se procura l'imposition des mains de trois évèques d'Italie. Voir Ordre, t. xi, col. 1246. L'ordination a pour effet de conférer le Saint-Espiit : or, le Saint-Esprit ne se trouve que dans l'Église catholique. Les ordinations faites par des hérétiques ou des schismatiques sont donc nulles : validité et licéité ne font qu'un pour Cyprien. Epist., lxix. n. 11, p. 759; cf. n. 8, p. 757. Confusion qui sera une source de cou Hits pendant mille ans dans l'Église catholique, voir Réordinations, t. xiii, col. 2396 sq., mais qui aura du moins pour résultat, comme la querelle des rebaptisants, de mettre
en évidence la distinction entre validité et licéité. En somme, du moins pour les cinq sacrements dont on vient de parler, saint Cyprien possède déjà une notion suffisamment nette du silène sacré, producteur de la grâce dans l'âme de qui le reçoit. Peu de choses manquent encore pour arriver à la notion complète et définitive. 3. Les prédécesseurs immédiats il:' suint Augustin au IVe siècle. — ■ L'Église latine, au iv siècle, connaît, sans discussion possible, les rites producteurs de la grâce que nous désignons aujourd'hui sous le nom de sacrements. Toutefois, ce nom est encore plus spécialement réservé aux trois sacrements île l'initiation chrétienne, baptême, confirmation, eucharistie. C'est uniquement de ces sacrements qu'ont parlé saint Ainbroise dans son De mysteriis et l'auteur du De satramentis. Toutefois, ces auteurs ont émis des idées générales qui peuvent s'appliquer à tous 1rs sacrements. Ces deux auteurs distinguent nettement le rite luimême et la grâce produite en celui a qui l'on applique le rite. Ambroise, De mysteriis, n. .s. 11. 20, P. ! ■■■ t. xvi (édit. de 1866), col. 108 H. 109 C, 411 H; De sacramentis, 1. I, n. 10, col. 138 C. Mais le rite luimême comporte un symbolisme, répondant à la double nature de l'homme, et qui csl a la hase de son efficacité. L'eau ou l'ablution est la figui i cation intérieure qui résulte du baptême Cum ex duabus naturis homo, id
The text on this page is estimated to be only 28.32% accurate SACREMENTS. NOTION, LES PÈRES LATINS 5 I 5 une nette et explicite distinction de la validité et de l'efficacité nu fructuosité du sacrement, Optât s'engage cependant résolument sur la voie qui y conduit. Pour lui. trois facteurs (specics) sont à distinguer dans le baptême : la formule trinitaire avec laquelle on le confère, le croyant qui le reçoit, celui qui l'administre. Ces troi., facteurs n'ont pas la même importance : deux sont nécessaires, le troisième est d'une nécessité moindre. Tout d'abord, l'invocation trinitaire : rien ne peut se taire sans elle. Ensuite la foi du sujet baptisé. Enfin, ricina, quse simili aucioritatt esse non potest, la personne du ministre. !.. V, n. -1. col. 1051 B. Le baptême est comme un corps qui a des membres, des éléments déterminés, invariables, qui ne sauraient changer. Or, la personne du ministre ne fait pas partie de ces éléments immuables. Les sacrements sont donc indépendants de lui. Ils sont saints par eux-mêmes, non par les hommes qui les donnent : sacramenla per se esse sancta, non per homines. Col. 1053 A. Les hommes ne sont que les ouvriers, les ministres de Dieu, les instruments de Jésus-Christ, ministre principal du baptême. Ils ne sont pas les maîtres du sacrement qui est chose divine, ils ne font qu'en appliquer le rite. C'est Dieu qui purifie l'âme et la sanctifie et non pas l'homme. Col. 1053 A. Optât parle d'une manière générale et étend lui-même ses conclusions à la confirmation. L. VII, n. 4, col. 1089 AB. L'importance accordée par Optât à la formule trinitaire montre que cet auteur rejetait comme invalide le sacrement administré par des hérétiques, faute de vraie foi dans le sujet ou le ministre. On cite surtout 1. I. n. 12; 1. V, n. 1, col. 007-908, 1045 A. Voir aussi saint Pacien, Epist., m, n. 3, 22. P. L., t. xiii. col. 1065, 1078. Quoi qu'il en soit, Optât n'hésite pas en ce qui concerne le baptême des simples schismatiques et des pécheurs manifestes : leur baptême est valide et ne doit pas être renouvelé. Cf. 1. V, n. 3, col. 10-18 B. Les Pères du ive siècle admettent que le baptême est efficace même à l'égard des enfants sans raison. Zenon, Tractalus, 1. II, xm, n. 11; cf. 1. II, xi.in, n. 1, P. L., t. xi, col. 353 B, 493; Sirice,
Epist., i, n. 3. P. L., t. xm, col. 1135 A. Il leur est nécessaire pour entrer dans le royaume des cieux. Ambroise, De Abraham. 1. II, c. xi, n. 84, P. L., t. xiv (édit. de 1800). col. 521 C. Ce baptême est unique et ne saurait être renouvelé, s'il est administré validement. Zenon, Tract., 1. II. xxxvi, P. L., t. xi, col. 482: Ambroise. In Luc. 1. VIII, n. 78, P. L., t. xv. col. 1880 D. Du côté du sujet, certaines dispositions sont la condition de l'intervention divine. C'était déjà la thèse de saint Optât; mais on note encore quelques hésitations touchant la portée de cette condition. S'agit-il d'une condition à la validité ou simplement à la fructuosité du sacrement? La chose n'est pas claire. Voir la lettre de Sirice à Himérius de Tarragone, n. 2. P. L., t. xm, col. 1133 A, et S. Ambroise, De Spirilu Sancto, 1. I. c. m, n. 42, P. L., t. xvi. ecl. 743 A. Nous trouvons également chez nos auteurs les indications relatives aux ministres du baptême. Cf. S. Jérôme, Dialng. contra lucijerianos, n. 9, P. L., t. xxm (édit. d. 1865), cil. 172 BC. Mais ils s'étendent surtout sur lis effets produits par ce sacrement. Le baptême efface les péchés, nous dépouille du vieil homme, nous revêl de Jésus-Christ et nous régénère; il nous rend les temples de Dieu, les enfants adoptifs de Dieu, nous communique le Saint-Espri*, donne à nos corps l'immortalité et nous met en possession de l'héritage céleste. Cf. s. Hilaire, In ps. lziii, n. 11; 1X711, n. 30; ;,.|-, n. II. /'. L., t. ix. col. 344 A. 165 A, 128 C; In Mallh., c. n, n. 6; c x. n. 21. ibid., 516 col. 927 B, 970 C: Yictorin de Pettau, In epist. ad . in. v. 27; iv, y 10. P. L.. t. vin, col. 1173 B, 1181 B: Zenon. Tract., 1. I, xn, n. 4; xm, n. 11; 1. II, xiv, n. 1; xxvii, n. 3: xl: l; lxiii, P. L., t. xi. col. 311 D. 353 A. 436 sq., 469 B, 488 sq., 506, 519 A; S. Pacien, Serm. de baptismo, n. 3, 0, P. L., t. xm, col. 1091. 1C92; S. Ambroise, In ps. cxviii, serm. i. n. 17. P. L., t. xv. col. 1271 D; De Caîn et A bit. 1. II. n. in. t. xiv. col. 364 Ali: De inlerpellatione .lui, et David, 1. IL n. 36. ibid., col. 800 CD; cf. De sacramentis, 1. III, c. i, n. 2. P. L., t. xvi, col. I5il C: S. Jérôme, Dialng. contra luciferianns. n. 6, P. L., t. xxm. col. 108-100: Nicétas. De sijmbolo, n lu. P. L., t. lu, col. 871 C. Le rite de la confirmation présente, lui aussi, le symbolisme et l'efficacité propre aux rites sacramentels. C'était l'imposition de la main et l'onction d'huile parfumée qui la suivait. L'existence de ce rite est affirmée par tous nos auteurs. En
sortant de la piscine baptismale, le baptisé recevait une onction verticale sur la tête, et l'évêque lui imposait ensuite la main en invoquant l'Esprit septiforme. Sur cette onction, faite avec le saint chrême par le prêtre ou par l'évêque, voir ici t. n, col. 210. Bien n'indique qu'elle appartint à la confirmation. C'est au IVe siècle que l'usage s'introduisit à Rome, et plus tard dans les Églises de rite gallican, d'ajouter à l'imposition de la main un signe de croix fait au front avec le pouce trempé dans le saint chrême. Voir ici, t. m, col. 1939. Cf. P. Galtier, La consignation à Carthage et à Rome, dans Recherches de science religieuse, juillet 1911; La consignation dans les Églises d'Occident, dans Revue d'histoire ecclésiastique, janvier 1912. Le résultat de cette cérémonie est de parfaire le chrétien, quia post fonlem superest ut perfectio fiât, de faire descendre en lui l'Esprit-Saint, de lui imprimer une marque, un caractère, spirilale signaculum, signaculum quo fides pleno fulgeat sacramento. De sacramentis, 1. III, n. 8, P. L., t. xv, col. 434; S. Ambroise, De mysteriis, n. 41-42, t. xvi, col. 401-402. Saint Ambroise expose les multiples symbolismes de la confirmation. L'onction rappelle l'onction faite autrefois sur la tête et sur la barbe d'Aaron; elle est la figure de l'onction spirituelle, par laquelle nous sommes oints membres du royaume de Dieu et prêtres. Ibid., n. 30, col. 415. Sur la distinction de la confirmation et du baptême, voir plus loin. Institution des sacrements, et ici, t. ni, col. 1041-1H12. Les Pères du ive siècle n'ont aucune hésitation sur la puissance de.- paroles consécratoires du pain et du vin dans l'eucharistie. La présence réelle est un dogme affirmé par eux avec une netteté absolue. Voir ici Eucharistie, t. v, col. 1151-1158. Si quelques expressions leui échappent encore, empruntées au symbolisme des espèces sacramentelles, elles ne détruisent pas la force de leur témoignage en faveur du réalisme et s'expliquent facilement en raison du symbolisme lui-même dont elles procèdent. Ce symbolisme sacramentel de l'eucharistie est exprimé avec une rare précision par saint Ambroise, grâce à sa doctrine déjà très explicite de la conversion eucharistique. La • ration divine » de l'eucharistie, « opérée par les paroles mêmes du Christ », « change la nature > du pain et du vin et en fait « le sacrement du corps et du U Sauveur ». Quand on considère ce mystère, bien mieux encore
que lorsqu'il s'agit du baptême, il ne faut pas s'arrêter à ce qui se voit. Ce qui se voit, c'est le sacrement du corps et du sang du Christ, c'est-à-dire le signe, le symbole sous lequel le corps et le sang du Christ sont réellement piésents : Forte dicas : aliud video, quomodo tu mihi asseris quod Christi corpus accipiam ?... Probemus non hoc esse quod natura formaoit, sed quod benediclio consecravit...
The text on this page is estimated to be only 21.43% accurate .M 7 SACREMENTS. NOTION, LES PÈRES LATINS 518 Quod si tuntum valu.it hvir.ana benedictio, ut naluram converteret (cf. III Reg . wiii. 38). quid dicimus de ipsa consecraticne divina, ubi m bu ipsa ! salvatoris cpcrantur? Nom sacramentum istud qui il accipis, Christi sermone conficitur... Ante benedictionem verborum cselestium alla species ncminatur, post consecralionem corpus signiftcatur. De mijsteriis, n. 50, 52, 54, P. t., t. xvi, col. 422 C, 123 C Cf. De saeramentis, 1. IV. n. 1-1. 23. col. I l [63 B Ce texte ambroskn est capital; il marque non seulement le symbolisme des espèces après la consécration, mais encore l'efficacité des paroles empruntées au Christ lui-même. La même valeur d'expression se retrouve dans le texte du De saeramentis, dont l'auteur semble avoir copié saint Ambroise : Tu forte diels : Meus punis est usiialus. Sut punis iste punis est unie verbu sacramentorum : ubi accesserit consecratio, de pane fit caro Christi. Et, pour expliquer l'efficacité des paroles sacramentelles, il prend l'ex< mple de la création : Si innlu vis est in sermone lit mini Jesu ut inciperent esse qiw m n n mit, quanto magis operalorius est ut sint quse étant et m atiud et wn:uteniur. Et la même efficacité se révèle par rapport au vin : Ante verba Christi calix est vini et uquie plenus : ubi verbu Christi operata juerinl, ibi snnyuis Christi rflicitur. qui plebem redemit. L. IV, n. 14- 16, 19, 23; Cf. 25; 1. VI, n. 2-4. P. /... t. xvi, col. 459 sq., 462 A, 463 B, 40-1 A, 473 sq. Outre l'efficacité dans la conversion au corps et au sang du Christ, il y a encore l'efficacité sanctifiante de l'eucharistie. C'est ce fine l'évêque de Milan veut exprimer en affirmant que le corps de Jésus-Christ dans l'eucharistie est un eorps spirituel, c'est-à-dire une nourriture spirituelle, la nourriture que peat donner le Verbe qui est esprit. De mysteriis, n. 58, P. L., t. xvi, col. 42G B. Aussi l'auteur du De saeramentis, îecommande-t-il la communion fréquente, voire quotidienne : Accipe quotidie quod quotidie tibi prosit. Sic vive, ut quotidie merearis accipi re. L. V, n. 25, t. xvi. col. 471 C. Il blâme les Grecs qui ne communient qu'une fois l'an. ld.. ibid. Cette communion exige des dispositions de la part
du chrétien, tout au moins une conscience pure. La communion sacrilège encourt une condamnation divine. Cf. Zenon. Tract., 1. L xv, n. 6, P. L.. t. xi, col. 566; S. Ambroise, De psenilenlia, 1. II, n. 87, t. xvi. col. 539 AB; l'Ambrosiaster, In episl. D"1 ad Cor., xi, 27-29, t. xvu, col. 25G CD. Bien reçue, l'eucharistie produit dans l'âme des fruits précieux. Le premier et le plus grand est de nous faire entrei par la chair du Christ en participation de s:l divinité : quia idem Dominus nosler Jésus Christus consors esl et divinitatis et corporis; et tu. qui accipis carnem, divine ejus substuntin- m illo participaris alimente De saeramentis, 1. VI, n. I. /'. I. . t. xvi, col. 17.". A: cf. S. Hilaire, De Trinitate, 1. VIII, n. 13 II. P. L., t. x, col. 246-247. Cette participation à la divinité du Sauveur nous communique la vie, la vie surnaturelle. la vie éternelle, la rémission des péchés, le pouvoir de produire des œuvres de salut e. de nous combler de joie céleste. Cf. S. Hilaire, In ps. CXXVIl, n. 6, P. L.,t. ix, cal. 706 B; S. Ambroise, De benediclionibus patriureliurum. n. :;'.'. P. £., t. XIV, col. 720 A; In lue., 1. X, n. 49, t. xv, col. [908 C: et l'auteur 'lu De saeramentis, 1. V, n. 11 17, I. xvi. col. 468 169. Les autres sacrements, pas plus au iv> siècle qu'aux époques précédentes, ne se prêtent, sous la plume des écrivains eccli m; stiques, à des considérations sur leur symbolisme. Du moins leur efficacité est-elle attestée, avec la même loree. Saiul Patien affirme, dans l'Église, le pouvoir de pardonner les péchés, «a- pouvoir apparticnl aux eveques. qui mil reçu le droit de lier ci de délier. Epist., III, n. 12; cf. Dpist.. i. 5. C. non pas qu'ils le fassent par leur propre vertu, mais parce qu'ils il au nom de Dieu : Solus hoc, inquics. liens poterit. Verum est. si il et quod ;>er sacerdotes suos jnc.it, ipsius potestas est. Ibid., î, n. 6; m. n. 7. Ce pouvoir n'est pas attaché à Imr sainteté personnelle, mais il découle tout entier ex apostolico jure, i. n. 7, et il est distinct iu pouvoil de remettre les péchés dans le baptême, m. n. il. P. L.. t. xm, col. 1071, 10J .. q., 1057 A. ici >; AD. 1058A, 1070 sq. Bien plus. Pacien établit un parallélisme entre l'action des sacrements de baptême e1 de confirmation et l'action de la discipline péniti ntit lie. Si ergo et lavacri et chrismalis potestas, majorum (et) longe charismatum ad episcopos inde descendit (c'est-à-dire des apôtres), et ligundi qui, que jus adfuii nique solvendi. Epist., i. n. Ci, /'. I... t. xm, col. 1057.
Voir ici. t. xn, col. 810. Saint Ambroise enseigne pareillement l'efficacité de la pénitence, le pouvoir des prêtres de remettre les péchés, pouvoir tmprunté à Dieu lui-même et dans l'exercice duquel les prêtres ne sont que l'instrument de la Trinité : Eeee quia per Spiritum Sanction fiereata donanlur. Domines autem in remissionem peccalorum minislerium suum exhibent, non jus alicujus potestalis exercent. Neque enim in suo, sed m Pntris et Filii et Spirilus Sancli m mine peccata dimitlunt. De Spirilu Sancto, I. III, n. 137, P. L., t. xvi, col. 842 D. Cf. De pxnilentia, 1. I, n. 7. 36, 37, col. 1X8. 497 CD. 498 A; Inps.ZZXVllJ, n.37, 38, t.xiv, col. 11C7-1108; Inps. i.WHI. si Tin. x. n. 17. P. 1... t. xv, col. 14(lâ; De Cain et Abel, 1. II, n. 15. P. L., t. xiv, col. 368 D. Voir également S. Hilaire, In Malth., c. xvm. n. 8, P. L.. t. ix, col. 1021 B; S. Jérôme, Epist.. xiv, n. 8, P. L., t. xxii, col. 352; In Eeclcsieisten, c. xn, f. 4, P. L., t. xxni, col. 1165; Tractalus in ps. xcv, dans Anccdeiia Maredsolana, m (2), p. 134. Nous n'avons pas ici à considérer les actes de la pénitence, ni les progrès qu'y apporte la discipline du rv« siècle, en Occident. Voir ici t. xn, col. 794 sq. Le seul point qui importe au concept du sacrement est de savoir si la sentence de réconciliation portée par l'Église est simplement déclaratoire au for de Dieu, ou si elle possède une réelle efficacité par rapport à la rémission même des péchés. Voir ici. t. xn, col. 810812. (>n ne peut nier que certains textes, notamment de saint Jérôme, In Malth., xvi, f. 19, P. L.. t. xxvi, col. 118; cf. Diatog. adv. luciferianos, n. 5, t. xxm, col. 167, laisseraient penser à une formule déclaratoire. Voir aussi S. Ambroise. De Spirilu Sancto, 1. III, n. 137, /'. I... t. xvi. col. 842 D-843 A. Mais ces textes peuvent ê1 ie et . a ni Ire avis doivent être — -interprétés dans le sens d'un pouvoir ministériel, instrumental, excluant . en ce qui concerne le premier texte de Jérôme, le pouvoir île juger arbitrairement, de lier l'innocent cl de (li lu r le coupable. Les lextes de saint l'acien, de saint Ambroise et du De saeramentis sont assez nets pour nous donner l'idée d'un véritable pouvoir de remettre les péchés, mais d'un pouvoir communiqué par Dieu à l'homme, son instrument. Pour la première fois, apparaît une- mention de l'extrême-onction, dans la lettre xxv d'Innocent I" . Décentius, n. 11, P. L., t. xx, col. 559 sq. Pour l'exégèse de cette lettre, en ce qui concerne l'extrême-onction,
voir ce mot, t. v, col. 1952 sq. Deux points importent ici. Innocent reconnaît l'extrême onction comme l'un des sacrements : elle doit être nlusée' aux pénitents, qui bus reliqua sacramenlu negantur. De plus, il lui reconnaît, sans l'expliquer positivement, un certain effet par rapport au malade, sans exclure, s'il y a lieu, la rémission même des péchés. Sans doute, le mot siierunienlu encore ici le sens qu'il aura plus tard, mais il désigne a coup sur une opérai ion sanctifiante pour
Welcome to our website – the ideal destination for book lovers and knowledge seekers. With a mission to inspire endlessly, we offer a vast collection of books, ranging from classic literary works to specialized publications, self-development books, and children's literature. Each book is a new journey of discovery, expanding knowledge and enriching the soul of the reade Our website is not just a platform for buying books, but a bridge connecting readers to the timeless values of culture and wisdom. With an elegant, user-friendly interface and an intelligent search system, we are committed to providing a quick and convenient shopping experience. Additionally, our special promotions and home delivery services ensure that you save time and fully enjoy the joy of reading. Let us accompany you on the journey of exploring knowledge and personal growth! ebookfinal.com

More Related Content

PDF
Security planning disaster recovery 1st Edition Eric Maiwald
byaekkiilo
 
PDF
Cyber security and cyber law
byDivyank Jindal
 
PDF
1-Computer_Security_EENG-524_Lecture-01.pdf
byUmarr Alie Sesay
 
PDF
(eBook PDF) Information Security: Principles and Practices 2nd Edition
byrrnohojhxx852
 
PPTX
LIS3353 SP12 Week 9
byAmanda Case
 
PDF
Cyber security for Developers
bytechtutorus
 
PPTX
Information security: importance of having defined policy & process
byInformation Technology Society Nepal
 
PDF
Getting users to care about security
byAlison Gianotto
 
Security planning disaster recovery 1st Edition Eric Maiwald
byaekkiilo
 
Cyber security and cyber law
byDivyank Jindal
 
1-Computer_Security_EENG-524_Lecture-01.pdf
byUmarr Alie Sesay
 
(eBook PDF) Information Security: Principles and Practices 2nd Edition
byrrnohojhxx852
 
LIS3353 SP12 Week 9
byAmanda Case
 
Cyber security for Developers
bytechtutorus
 
Information security: importance of having defined policy & process
byInformation Technology Society Nepal
 
Getting users to care about security
byAlison Gianotto
 

Similar to Security planning disaster recovery 1st Edition Eric Maiwald

DOCX
Project Quality-SIPOCSelect a process of your choice and creat.docx
bywkyra78
 
PDF
Principles of Information Security 6th Edition Whitman Solutions Manual
byjrbhirlt845
 
PDF
Principles of Information Security 6th Edition Whitman Solutions Manual
byyixinwuerzoa
 
PPT
Security issues in the wireless networks.ppt
byAvinashAvuthu2
 
PDF
Network Security Bible 1st Edition Eric Cole Ronald L Krutz
byndozearvit
 
DOC
Jennings it security overview 1 2
byDonald Jennings
 
PDF
Your Skill Boost Masterclass Online Safety and Cybersecurity Tips
byExcellence Foundation for South Sudan
 
PDF
Principles of Information Security 6th Edition Whitman Solutions Manual
bykuzykedje
 
PDF
Solution Manual for CompTIA Security+ Guide to Network Security Fundamentals,...
byxawobornil
 
DOCX
Security technology
byPraveen Kumar V
 
PPT
Ch01 Introduction to Security
byInformation Technology
 
PDF
Cyber Security in 2018
byChiranjit Adhikary
 
PPTX
Security_Awareness_Primer.pptx
byFaith Shimba
 
PDF
Need for cyber security
byJetking
 
PDF
Information Security Text And Cases 20 20 Gurpreet Dhillon
bylsaiahjumpei
 
PDF
Basic security concepts
byUpender Dravidum
 
PDF
Constructing Cybersecurity Power Expertise And The Internet Security Industry...
byvondystoma4r
 
PDF
Test Bank for Guide to Firewalls and VPNs, 3rd Edition
byaysheetabben
 
PDF
Hack Proofing Your Ecommerce Site The Only Way To Stop A Hacker Is To Think L...
byemodikatzi
 
PPTX
CYBERSECURITY | Why it is important?
byRONIKMEHRA
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
bywkyra78
 
Principles of Information Security 6th Edition Whitman Solutions Manual
byjrbhirlt845
 
Principles of Information Security 6th Edition Whitman Solutions Manual
byyixinwuerzoa
 
Security issues in the wireless networks.ppt
byAvinashAvuthu2
 
Network Security Bible 1st Edition Eric Cole Ronald L Krutz
byndozearvit
 
Jennings it security overview 1 2
byDonald Jennings
 
Your Skill Boost Masterclass Online Safety and Cybersecurity Tips
byExcellence Foundation for South Sudan
 
Principles of Information Security 6th Edition Whitman Solutions Manual
bykuzykedje
 
Solution Manual for CompTIA Security+ Guide to Network Security Fundamentals,...
byxawobornil
 
Security technology
byPraveen Kumar V
 
Ch01 Introduction to Security
byInformation Technology
 
Cyber Security in 2018
byChiranjit Adhikary
 
Security_Awareness_Primer.pptx
byFaith Shimba
 
Need for cyber security
byJetking
 
Information Security Text And Cases 20 20 Gurpreet Dhillon
bylsaiahjumpei
 
Basic security concepts
byUpender Dravidum
 
Constructing Cybersecurity Power Expertise And The Internet Security Industry...
byvondystoma4r
 
Test Bank for Guide to Firewalls and VPNs, 3rd Edition
byaysheetabben
 
Hack Proofing Your Ecommerce Site The Only Way To Stop A Hacker Is To Think L...
byemodikatzi
 
CYBERSECURITY | Why it is important?
byRONIKMEHRA
 

Recently uploaded

PDF
Result Analysis of the Pre Board 2025 .pdf
byDirectorate of Education Delhi
 
PDF
India Cybercrime Threats & Response 2025: Digital Arrests, 1930 Helpline & Ze...
bySanjay Rathod
 
PPTX
Cultivation Practice of Potato in Nepal.pptx
byUmeshTimilsina1
 
PPTX
1. Importance, scope and constraints of vegetable and spice crop production i...
byUmeshTimilsina1
 
PPTX
Centrifugation pharmaceutical engineering
byShraddha Bandgar
 
PDF
Teaching and Learning (BD1TL) - B.Ed TNTEU
byDr Raja Mohammed T
 
PDF
How to Report Cyber Fraud in India: Your Digital First Aid Kit (2025 Guide)
bySanjay Rathod
 
PDF
Life-Processes-in-Animals PPT/7TH CLASS NEW NCERT /CURIOSITY SCIENCE /BY K SA...
bySandeep Swamy
 
PPTX
What is Epiphany? A Visual introduction to this amazing liturgical season
bySteve Thomason
 
PDF
Renewable Energy Resources Unit 2 Easy notes (EduShine Classes).pdf
byaaquib913
 
PPTX
What are the Custom lot_serial number in Odoo 19
byCeline George
 
PPTX
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
PPTX
Acid Base Titration First Year B Pharm.pptx
byMs. Ashatai Patil
 
PPTX
Details Study of Joints (articulation).pptx
byAshish Umale
 
PPTX
CHAPTER 4. Size Reduction, Size Separation, Mixing, Filtration, Drying, Extra...
bySharibJamal
 
PDF
Gaming Quiz 2025- 27th October 2025, Quiz Club NITW
byQuiz Club NITW
 
PPTX
Aplastic_Anaemia_PA17.1_Presentation.pptx
byDibyajyoti Prusty
 
PPTX
All Things 2025 - A Year in Review Quiz!
byShashank Jogani
 
PPTX
L5 DRG Pulsed Radiofrequency ablation.pptx
bySandeep Margan
 
PPTX
3. Off-season and protected cultivation of vegetable crops.pptx
byUmeshTimilsina1
 
Result Analysis of the Pre Board 2025 .pdf
byDirectorate of Education Delhi
 
India Cybercrime Threats & Response 2025: Digital Arrests, 1930 Helpline & Ze...
bySanjay Rathod
 
Cultivation Practice of Potato in Nepal.pptx
byUmeshTimilsina1
 
1. Importance, scope and constraints of vegetable and spice crop production i...
byUmeshTimilsina1
 
Centrifugation pharmaceutical engineering
byShraddha Bandgar
 
Teaching and Learning (BD1TL) - B.Ed TNTEU
byDr Raja Mohammed T
 
How to Report Cyber Fraud in India: Your Digital First Aid Kit (2025 Guide)
bySanjay Rathod
 
Life-Processes-in-Animals PPT/7TH CLASS NEW NCERT /CURIOSITY SCIENCE /BY K SA...
bySandeep Swamy
 
What is Epiphany? A Visual introduction to this amazing liturgical season
bySteve Thomason
 
Renewable Energy Resources Unit 2 Easy notes (EduShine Classes).pdf
byaaquib913
 
What are the Custom lot_serial number in Odoo 19
byCeline George
 
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
Acid Base Titration First Year B Pharm.pptx
byMs. Ashatai Patil
 
Details Study of Joints (articulation).pptx
byAshish Umale
 
CHAPTER 4. Size Reduction, Size Separation, Mixing, Filtration, Drying, Extra...
bySharibJamal
 
Gaming Quiz 2025- 27th October 2025, Quiz Club NITW
byQuiz Club NITW
 
Aplastic_Anaemia_PA17.1_Presentation.pptx
byDibyajyoti Prusty
 
All Things 2025 - A Year in Review Quiz!
byShashank Jogani
 
L5 DRG Pulsed Radiofrequency ablation.pptx
bySandeep Margan
 
3. Off-season and protected cultivation of vegetable crops.pptx
byUmeshTimilsina1
 

Security planning disaster recovery 1st Edition Eric Maiwald

  • 1.
    Security planning disasterrecovery 1st Edition Eric Maiwald - Downloadable PDF 2025 https://ebookfinal.com/download/security-planning-disaster-recovery-1st- edition-eric-maiwald/ Visit ebookfinal.com today to download the complete set of ebooks or textbooks
  • 2.
    Here are somerecommended products that we believe you will be interested in. You can click the link to download. Network Security A Beginner s Guide Second Edition Beginner s Guide Eric Maiwald https://ebookfinal.com/download/network-security-a-beginner-s-guide- second-edition-beginner-s-guide-eric-maiwald/ Disaster Recovery Planning for Communications and Critical Infrastructure Artech House Telecommunications 1st Edition Leo A. Wrobel https://ebookfinal.com/download/disaster-recovery-planning-for- communications-and-critical-infrastructure-artech-house- telecommunications-1st-edition-leo-a-wrobel/ SharePoint 2007 Disaster Recovery Guide 1st Edition John L. Ferringer https://ebookfinal.com/download/sharepoint-2007-disaster-recovery- guide-1st-edition-john-l-ferringer/ Recovery of the Lost Good Object 1st Edition Eric Brenman https://ebookfinal.com/download/recovery-of-the-lost-good-object-1st- edition-eric-brenman/
  • 3.
    Disaster Recovery CrisisResponse and Business Continuity A Management Desk Reference 1st Edition Jamie Watters (Auth.) https://ebookfinal.com/download/disaster-recovery-crisis-response-and- business-continuity-a-management-desk-reference-1st-edition-jamie- watters-auth/ Wiley Pathways Network Security Fundamentals 1st Edition Eric Cole https://ebookfinal.com/download/wiley-pathways-network-security- fundamentals-1st-edition-eric-cole/ Uncle Eric Talks About Personal Career and Financial Security An Uncle Eric Book 2nd Edition Richard J. Maybury https://ebookfinal.com/download/uncle-eric-talks-about-personal- career-and-financial-security-an-uncle-eric-book-2nd-edition-richard- j-maybury/ Treatment Planning for Person Centered Care The Road to Mental Health and Addiction Recovery 1st Edition Neal Adams https://ebookfinal.com/download/treatment-planning-for-person- centered-care-the-road-to-mental-health-and-addiction-recovery-1st- edition-neal-adams/ Applied Cyber Security and the Smart Grid Implementing Security Controls into the Modern Power Infrastructure 1st Edition Eric D. Knapp https://ebookfinal.com/download/applied-cyber-security-and-the-smart- grid-implementing-security-controls-into-the-modern-power- infrastructure-1st-edition-eric-d-knapp/
  • 5.
    Security planning disasterrecovery 1st Edition Eric Maiwald Digital Instant Download Author(s): Eric Maiwald, WilliamSieglein ISBN(s): 9780072224634, 0072224630 Edition: 1 File Details: PDF, 1.74 MB Year: 2002 Language: english
  • 7.
    Security Planning &Disaster Recovery Eric Maiwald William Sieglein McGraw-Hill/Osborne 2600 Tenth Street Berkeley, California 94710 U.S.A. To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book. Copyright © 2002 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. 1234567890 FGR FGR 0198765432 ISBN 0-07-222463-0 Publisher Brandon A. Nordin Vice President & Associate Publisher Scott Rogers Acquisitions Editor Jane Brownlow Project Editor Janet Walden Acquisitions Coordinator Emma Acker Technical Editor Ben Rothke Copy Editor Claire Splan Proofreader Pam Vevea
  • 8.
    Indexer Claire Splan Computer Designers KellyStanton-Scott, Mickey Galicia Illustrators Lyssa Wald, Michael Mueller Series Design Peter Hancik, Lyssa Wald Cover Series Design Jeff Weeks This book was composed with Corel VENTURA™ Publisher. Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw- Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information. This book is dedicated to my wife Kay and my two sons, Steffan and Joel, who put up with a lot of long days and lost time (again) during the writing of this book. –EM This book is dedicated to my lovely wife Jane—’Tis naught Othello or King Lear, but that WS did not receive royalties. And to my children Kyle, Haley, and Maggy—YES, I can play now! –WS About the Authors Eric Maiwald is the Chief Technology Officer for Fortrex Technologies, where he oversees all security research and training activities for the company. He also manages the Fortrex Network Security Operations Center where all managed services are performed. Mr. Maiwald also performs assessments, develops policies, and implements security solutions for large financial institutions, services firms, and manufacturers. He has extensive experience in the security field as a consultant, security officer, and developer. Mr. Maiwald holds a Bachelors of Science degree in Electrical Engineering from Rensselaer Polytechnic Institute, a Masters of Engineering in Electrical Engineering from Stevens Institute of Technology, and is a Certified Information Systems Security Professional (CISSP). Mr. Maiwald is a named inventor on patent numbers 5,577,209, “Apparatus and Method for Providing Multi-level Security for Communications Among Computers and Terminals on a Network”; 5.872.847, “Using Trusted Associations to Establish Trust in a Computer Network”; 5,940,591, “Apparatus and Method for Providing Network Security”; and 6,212.636, “Method for Establishing Trust in a Computer Network via Association.” Mr. Maiwald is a regular presenter at a number of well-known security conferences. He has also written Network Security: A Beginner’s Guide, published by McGraw-Hill/Osborne, and
  • 9.
    is a contributingauthor for Hacking Linux Exposed and Hacker’s Challenge, also published by McGraw-Hill/Osborne. William Sieglein is the Manager of Security Services for Fortrex Technologies, where he oversees all security consulting and professional services for the company. Mr. Sieglein also manages information security projects for Fortrex clients, leads risk assessments, develops policies, and implements security solutions. He has over 20 years experience in the IT industry, specializing in information security. Mr. Sieglein holds a Bachelors of Science degree in Computer Science from the University of Maryland and a Masters of Science in Technical Management from Johns Hopkins University. Mr. Sieglein has published numerous articles for various publications including Business Credit Magazine, Security Advisor, and CMP’s iPlanet, where he was also the security expert for several months. Mr. Sieglein been a guest speaker for various organizations including the Information Systems Audit and Controls Association (ISACA), Joint Special Operations Command (JSOC), and the American Society for Industrial Security (ASIS). About the Technical Reviewer Ben Rothke (brothke@hotmail.com) is a Principal Consultant with trustEra (www.trustEra.com). His areas of expertise are in PKI, design and implementation of systems security, HIPAA, encryption, security architecture and analysis, firewall configuration and review, cryptography, and security policy development. Mr. Rothke previously worked for Baltimore Technologies, Ernst & Young, and Citibank and has provided information security solutions to many Fortune 500 companies. He is a frequent speaker at industry conferences and has written for many computer periodicals. Currently, he writes a column for Unix Review as well as a monthly security book review for Security Management magazine. Mr. Rothke is a Certified Information Systems Security Professional (CISSP), a Certified Confidentiality Officer (CCO), and a member of ISSA, ICSA, IEEE, ASIS & CSI, operating out of a New York-based office. Acknowledgments This book could not have been written without the help of a number of people. Most notable in their help were those people we work with at Fortrex Technologies, Inc., especially Lee Kelly for his work on the HIPAA regulations and Andrew Waltz for his research on GLBA. We would also like to acknowledge the great support of our technical editor, Ben Rothke, who turned the chapters around very quickly. Of course, none of this could have been possible without the help from the people at McGraw-Hill/Osborne, most notably Jane Brownlow, Emma Acker, and Janet Walden. Introduction In this e-centric day and age organizations have come to rely on IT infrastructures not just as an aid to business, but for some, as the core of their business. Safe, secure, and reliable computing and telecommunications are essential to these organizations. As these
  • 10.
    organizations begin tounderstand the importance of information security, they are developing security programs that are often under the direction of the CIO. An information security program includes more than just people and technology. The programs involve policies, procedures, audits, monitoring, and an investment of time and money. This book is meant to provide organizations with a broad overview of the security program, what it should be, who it should include, what it entails, and how it should fit into the overall organization. This book is for the security professional who must answer to management about the security of the organization. In today’s economy, many organizations do not have the ability to hire a person and dedicate that person to security. Often the person who is given this job is an IT professional with no specific security training. This book will provide the road map for such individuals. The book is divided into four main parts plus some good information in appendices: Part I: Guiding Principles in Plan Development Part I is intended to provide guidance on fundamental issues with security planning. In this part we cover the basic concepts of the role of information security, laws and regulations, and risk identification. • Chapter 1: The Role of the Information Security Program Chapter 1 discusses the overall importance of the information security program. It describes where it fits into the organization and who should establish its charter, mission, responsibilities, and authority. It further talks about the relationship of the information security manager (and the department) to the rest of the organization. It is impossible to build a program in a vacuum or with bad relationships throughout the organization. • Chapter 2: Laws and Regulations Many industries have federal or state regulations that must be followed. Some of these regulations may affect the security program. It is therefore important for the security department to understand the regulation requirements. In some cases the existence of the information security program is clearly dictated by laws and regulations. • Chapter 3: Assessments This chapter focuses on how organizations go about identifying the state of their information security efforts. It includes information on various types of assessments and when they should and should not be used. Part II: Plan Implementation Part II discusses the basics of risk management and mitigation. Once risk has been identified, the mitigation steps must be taken. While the exact plan will vary for each organization, this part of the book provides the basics. • Chapter 4: Establishing Policies and Procedures This chapter discusses the importance of policies and procedures and describes policies and procedures that need to be created for the organization. The primary focus of this chapter is the order that they should be created and the approach to use in getting the organization to buy into what is created. • Chapter 5: Implementing the Security Plan Policies are nice documents but if they are not implemented, they do no good. This chapter talks about general guidelines for implementing good policies. • Chapter 6: Deploying New Projects and Technologies No organization can afford to develop everything internally. Security is no different in this regard. Since it is
  • 11.
    likely that productswill be purchased for the organization and new projects will be developed internally, this chapter covers how to manage the risk to the organization through the development process. • Chapter 7: Security Training and Awareness This chapter discusses the programs and classes that must be established to make the organization aware of security issues. Security awareness is one of the most cost-effective components of the information security program. In a recent speech, Richard Clark, the President’s cyber-security advisor, noted that the awareness of employees was critical to an organization’s security program. He also noted that he and the federal government would be stressing this topic to industry in the coming months. • Chapter 8: Monitoring Security The security program is in place. How do you know that it is working? The only way to know is to monitor it. This chapter discusses the more useful methods for monitoring. Part III: Plan Administration Security programs are no different than any other program within an organization. Once they are set up and working properly, they must be managed and administered properly. This part talks about these tasks. • Chapter 9: Budgeting for Security Just about every organization has a budget process. The security department must go through it with every other department. Therefore, it is important for the security department to do it well. • Chapter 10: The Security Staff Not every security program has a staff but many do. Choosing the correct individuals for the staff and the correct mix of skills can make or break the program. This chapter talks about the mix of the team and how to find good people. • Chapter 11: Reporting Finally, there is reporting. Without some type of reporting there is no way for the organization to gauge the effectiveness of the security department. There is rarely an ROI for security (but this is changing) and thus there must be other metrics to use to measure the performance of the department. Part IV: How to Respond to Incidents All of the planning, risk identification, risk mitigation, and administration tasks can help an organization to manage risk. However, no one can ever completely remove risk. This part of the book discusses how to deal with incidents and disasters when they occur. • Chapter 12: Incident Response Bad things happen. The security program works diligently to try to prevent them but they happen anyway. When they do, the security department must be ready to take the lead in the response. • Chapter 13: Developing Contingency Plans Disasters of all shapes and sizes occur to businesses. Because organizations have become so dependent on their IT infrastructures it is essential that they develop an IT Disaster Recovery Plan and keep it up to date. This plan will provide policies, procedures, roles, and responsibilities for preparing for, responding to, and recovering from a variety of disasters. This chapter explains the key steps in developing an IT DRP. • Chapter 14: Responding to Disasters How an organization responds to a disaster is just as important as how an organization plans for a disaster. Often, the response to a disaster deviates from the plan due to unforeseen circumstances. This chapter discusses the proper response during a serious disaster.
  • 12.
    Part V: AppendixesPart V provides three sections that complement the purpose of the book. These sections are intended to assist the reader in answering particular questions about security and implementing a strong program. • Appendix A: Handling Audits Audits are a fact of life. Every organization goes through them. They may be internal audits or external. The security team must be a part of these audits and the organization’s response. • Appendix B: Outsourcing Security The outsourcing of security has become a lively topic recently. Many new security firms exist that sell some type of service. This may impact the security of the organization or it may be a cost-effective way to fulfill the responsibilities of the security department. • Appendix C: Managing New Security Projects This appendix is a continuation of Chapter 6 that talks specifically about building new security projects as opposed to security in new business projects. Part I: Guiding Principles in Plan Development Chapter List Chapter 1: The Role of the Information Security Program Chapter 2: Laws and Regulations Chapter 3: Assessments Chapter 1: The Role of the Information Security Program Overview Security professionals today talk about the need for strong security programs. We hear calls for the latest products, more staff, and more funding. But what is a strong security program? If an organization has a weak program, how can it be strengthened? How much money does it take to create and maintain a strong program? None of these questions have simple answers. However, one thing is very clear: A security program must have three things in order to be strong and successful: • A well-defined mission • Good relationships within the organization • Intelligent, knowledgeable security professionals The details of building and maintaining a strong security program will be left to the other chapters of this book. Identifying, hiring, and keeping security professionals will also be discussed in some detail later in the book (see Chapter 10). This chapter will focus on the first
  • 13.
    two items above—themission and the relationships. In short, these two items identify the role that the security program will play within the organization. Getting Off on the Right Foot Perhaps the most important part of the security manager’s job is the beginning. The person who leads the organization’s information security department has a job that will touch every other department in the organization. Every employee will be affected by the decisions and policies that are developed by information security. Therefore, it is extremely important for the information security manager to establish good working relationships with other departments. We will talk more about these relationships later in this chapter. Security Alert! The security manager who starts off on the wrong foot is destined for failure. Many security departments and security managers failed to help organizations manage their risk by ignoring the impact of relationships. A new security manager must begin these relationships. In most cases, the information security manager will be the new kid on the block. The other departments will have well- established missions, roles, procedures, and reporting structures. The worst possible thing would be for the new information security manager to attempt to assert his authority over this existing structure. The rest of the organization would ignore the new manager and force the entire security effort to become ineffective. Challenge You are a new security manager for an organization. The first task that you have on your plate is the development of a new information security policy. You complete the policy without the help of the rest of the organization since this is your job. Now you must go out and implement the policy. As soon as you begin to work with system administrators, you get serious resistance. Then the administrators just stop working with you altogether. You approach your boss about the problem, thinking that pulling rank will get the policy implemented. Do you really think that this is the best course of action in this case? Even if your boss can or will help you put pressure on the administrators, will the policy implementation succeed? Likely, the answer is no it will not. The administrators have no interest in the policy since they view it as being shoved down their throats. The best chance you have of getting any policy implemented now is to go to the system administration staff and beg for their help in writing a new policy (don't even try to start with the original one). What then is the best way to get off on the right foot? First, remember that the information security department is likely to be new kid to the organization and thus must learn how the organization works before putting out directives that must be met or else. The security manager should start by talking to each department manager. He or she must also learn not to direct how security should be handled but to learn and work with the other departments.
  • 14.
    Second, the informationsecurity department is charged with a mission. How this mission is accomplished is the primary job of the information security manager. The mission must be accomplished in conjunction with, not in spite of, the other departments and employees of the organization. Establishing a good working relationship so that everyone understands the need for security will go a long way to accomplishing the security department’s mission. Establishing the Role of Security The information security department was established for a reason. Depending on the organization the reason might be any of the following: • Government regulation required it. • An audit report recommended it. • Senior management or the board decided it was necessary. • The IT department decided it was necessary to have the function. In any case, a reason exists for the security department and thus a scope of operations exists as well. The scope of operations is defined by the location of the department within the organization. For example, if the information security department was established by senior management, it may have a scope that includes the entire organization. If the information security department was established by the IT director, then the scope is likely to be more limited (the IT department for instance). The reporting structure for security is only one part of establishing the role of security. The information security department should also have a mission statement and long-term goals. These should be developed and approved by the organization. Tip Work with senior management to develop the mission statement. Make sure the mission statement agrees with what senior management had in mind for the security department. Reporting Structure The reporting structure for the information security department is one of the most important aspects of the department’s creation. If the department reports too low in the organization, the scope and authority of the department will be too limited to be effective. In some cases the reporting location may also cause conflicts of interest. Figure 1-1 shows a very general organization chart with various placements for the information security department. Two of the locations are shown in medium shading. These indicate good places for the department. The first would have security reporting directly to the president or CEO. This location gives the information security department the largest possible scope and the highest possible visibility in the organization. While this reporting point is good for information security, it is not always possible. Some organizations do not wish to elevate the head of information security to the senior management team for example.
  • 15.
    Figure 1.1: Examplesof reporting points for the information security department The second good alternative would place the information security department under the organization’s general counsel. This moves the department from directly reporting to the President or CEO and yet still allows the department to have a large scope (the general counsel usually can act throughout the organization). Given that many security issues are also becoming legal issues, placement here is certainly appropriate. Some organizations place the information security department under the CFO, as indicated in light shading in Figure 1-1. While this placement is not bad, it does pose some potential conflicts of interest. Since the CFO usually looks across the organization, the scope of the information security department would not be limited. However, the CFO usually also manages the internal audit department. Information security and internal audit have similar yet different roles within an organization (see the “Relationship” section for a more complete explanation of this relationship) and therefore should be kept as separate as possible. If the CFO manages this potential conflict properly, there is no reason why placing the information security department here would not work. Information security departments are often placed below the IT department, as indicated in dark shading in Figure 1-1. This is because information security usually develops out of the IT department’s need for security policy and incident response. Unfortunately, the placement of the organization’s information security department here tends to limit the scope of the department unnecessarily. It often becomes difficult for the information security department to work effectively across the organization. Security Alert! If the security department reports to the IT department, make sure that the mission statement for the department is focused primarily on IT issues. If the mission statement is too broad, conflicts with other departments may arise. Placement of the information security department below the internal audit function (also indicated in dark shading in Figure 1-1) causes a serious conflict of interest. Information security is supposed to create and manage policy. The audit department is supposed to determine compliance. It is not appropriate for the audit department to both create policy and then determine compliance. Mission Statement In most cases, we don’t see the point of a mission statement for a department within an organization. The simple reason for this is that most mission statements are self-evident. For example, the mission of the software development department is to develop good software according to the design requirements. This seems pretty obvious.
  • 16.
    Unfortunately, the missionof the information security department is often misunderstood. The information security department cannot guarantee the security of the organization’s information or systems. The information security department can assist in managing the information security risk to the organization but that is as far as we can go. Security in general (and information security in particular) are exercises in risk management. There are no guarantees. In fact, risk is an inevitable part of life. It is the job of the information security department to help manage the risk to the organization. Given that, what are some appropriate mission statements for the information security department? The following statements are provided as examples of good mission statements for an information security department: • To appropriately manage the information security risk to the organization by working with the various internal departments • To appropriately manage the information security risk to the organization by operating various network and system security mechanisms • To appropriately manage the information security risk to the organization by developing and managing organizational security policy • To appropriately manage the information security risk to the IT department of the organization by managing the implementation of organization security policy Please notice that each of these mission statements includes the scope of the work (the entire organization or the IT department) and the mechanism for the work. In some organizations the information security department only sets policy while in others the department will manage network devices such as firewalls and intrusion detection systems. The type of tasks that the department is expected to carry out will impact how the mission statement is worded. So why is it so important that we get the mission statement of the information security department correct? Because from the mission statement all of the work of the department is derived (see Figure 1-2). Since the mission statement will also define how the work is to be done (at a very high level) and for whom the work is to be done (the scope of the department’s authority), it is a very important statement. Figure 1.2: How the mission statement affects the work of the information security department Once the mission statement has been developed, it should be agreed to by the senior management of the organization.
  • 17.
    Long-Term Goals As canbe seen in Figure 1-2, long-term goals for the information security department flow from the department’s mission statement. Long-term goals are goals that may take several months to several years to accomplish. These are goals for the department that directly affect the ability of the department to meet the mission statement. A long-term goal for the department might be to be able to quantify the risk to the organization on a regular basis. Obviously, this goal will require significant work in various areas such as assessments, vulnerability tracking, threat identification, and policy compliance monitoring. Each of these systems may themselves take time and resources to implement. Long-term goals should be part of strategies used by the department to manage the risk to the organization. Figure 1-3 shows another way to plan the direction for the department. Following a risk assessment (see Chapter 3), the major risks to the security of information within the organization should be identified. For each major risk, a strategy should be created to manage the risk. The management of these risks becomes the long-term goal for the department. Figure 1.3: Strategies are used to manage risk. Tip At least once a year, the long-term goals of the department should be reviewed to check on progress. The review of long-term goals may also identify completed goals and new goals that must be added to respond to changes in the organization. Short-Term Objectives At least once a year short-term objectives should be identified to move the department toward meeting the long-term goals of security for the organization. These objectives can be turned into project plans for the coming year. Each project plan can be used for budgeting purposes (see Chapter 9). Short-term objectives may be the installation of a new product or the creation of a process to monitor some aspect of security. No matter how the objectives are defined, the completion of any of the objectives should lead the department closer to the long-term goal. Relationships As mentioned before, relationships will make or break the effectiveness of the information security department. Regardless of the support from senior management or the authority given to the department, the relationships that are developed between security staff and management and the rest of the organization are critical to the overall success of the department. There are two types of relationships that the security department must create: • Technical • Business
  • 18.
    Technical relationships arethose that build on the ability of the security staff to explain and understand technical issues. Business relationships are those that build on the ability of the security staff to understand the needs of the organization in order to accomplish the business of the organization. Technical Relationships As was already mentioned, technical relationships are those that build on the ability of security staff to explain and understand technical issues. In other words, technical relationships are built on mutual respect for the technical knowledge and capabilities of the security staff and the other employees or departments. Security Alert! If the security staff shows that it has no understanding of networks, systems, software development, and so on, these groups will not believe that the security department will be able to help them or understand their problems. It is also important to understand that the technical relationships between security and other departments are not always two-way relationships (see Figure 1-4). In many cases, the relationship may be one where security provides information, guidance, and assistance to the other department but does not really receive assistance in return. Figure 1.4: The directional nature of technical relationships Administrators Both system and network administrators are very technical professionals who tend to have more work then they do hours in the day. Therefore, when the issue of security comes up, the administrator is unlikely to be favorably disposed to taking on more work. How then can the security department form a relationship with system and network administrators? It is painfully obvious to anyone who has tried that attempting to threaten or force administrators to secure their systems does not work. The primary job of system and network administrators is to keep the systems up and running. They do this very well. Anything that is perceived as reducing their ability to keep the systems up is unlikely to be done. (This is not to say the administrators do not wish their systems to be secure. On the contrary, they do.)
  • 19.
    Therefore, the securitydepartment must provide information to the administrators that shows how security can assist them in keeping the systems up. In this way, the security department shows a value to the administrators. Once a value is shown, the job of security becomes easier. Another issue that hurts the relationship between security and administrators is the perception that the security department does not understand the technical system or network issues. Often this is in fact the case and leads to security staff making recommendations or even demands that do not make sense in the technical environment of the organization. In order to build a good working relationship with administrators, the security staff needs to have technical knowledge in the following areas: • Network architecture • Network protocols (specifically TCP/IP or whatever protocols are used on site) • Basic Unix administration (basic commands and where to find files) • Basic Windows NT/2000 administration With this basic knowledge, the security staff will understand why a sniffer may not work in a switched environment or why the Unix passwd file has to be readable by all processes but the shadow file does not. Development Development staff are also very technical individuals who have project deadlines that must be met. In many cases, these deadlines are imposed by senior management for new product offerings. As with administrators, if security attempts to dictate to the developers, the relationship will fail. Security must work within the framework of the developers’ world. In most organizations, the development staff uses a development methodology. This methodology is the perfect way for security to work with the development staff. Throughout project development there are tasks that would benefit from security involvement. For example, the requirements phase of a project should consider security requirements. If the project does not take into account security during the requirements phase, the project may find that the new system has security holes when it is time for the project to go into production. By showing the development staff how security can alleviate some of the back-end headaches, the development staff can be shown a benefit to security’s involvement. As with the administration staff, development will not look kindly upon security staff who lack an understanding of the development methodology and the technical issues involved in the development process. This is not to say that the security staff must understand how to code C++, but the members of the staff that work with the developers should have some understanding of how systems are developed and coded. Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw (Addison Wesley Professional, 2001) is an excellent reference on how to write secure code. In addition, knowledge in the following areas will assist the security staff when working with development:
  • 20.
    • System architecture •Performance testing • Software development • System integration issues (making products work together) • The organization’s development methodology Physical Security In most organizations, the department that handles the door locks, guards, cameras, and other physical security mechanisms is separate from the information security department. Yet physical security is a very important component of the overall information security of the organization. This makes it doubly important that the information security department have a good relationship with the people that handle physical security. The relationship with physical security should be a peer-to-peer relationship. The two departments should be able to reinforce and assist each other in the overall goal of improved security and reduced risk to the organization. This means that the physical security department should be involved in risk assessments and in risk management. Often, it may be found that changing physical security procedures may be cheaper and easier than enhancing computer or network security. Audit Unfortunately, the audit department is often looked at as an adversary or an antagonist by information security. Clearly, this is the wrong way to look at this relationship. The audit department serves a very important role in organizations. They are the watchdogs and the checkers who make sure that policies and procedures are followed. Auditors make sure that trust relationships between the organization and its employees are upheld. Information security and audit serve very similar roles. Both have the job of reducing the overall risk to the organization. And yet, the two departments are not direct competitors for funds and prestige. Therefore, there should be a good working relationship between the two departments. When we worked in organizations that had internal audit departments, we made it our business to meet the internal auditors and to find out how they did their jobs. In doing this, we have found individuals who wish to learn about the technology that is used in information security so that they could do their jobs better. Tip The information security department can and should provide information to the audit department about the technology and procedures that are being used to manage risk. When the auditors request to perform an audit, the information security department should be completely open with them and provide all the necessary information. Business Relationships If the security staff understands nothing else, they must understand that their job is to assist the organization in performing its primary business function. With that said, the security department must form business relationships within the organization. These are relationships where security supports the primary business function (see Figure 1-5). No business functions
  • 21.
    will support thesecurity department. Why? Because the security department is a support organization. Its job is to assist the business to function. It is not the function of the business departments to assist the security department. Figure 1.5: The security department supports the business of the organization. Security Alert! It is essential to reiterate that the information security staff must understand the business role of the organization they are working to protect. An ideal manager of the security department will be able to merge the business and the technical. Senior Management Security supports the senior management of the organization in its job of managing the organization. This means that security provides information to the top managers of the organization to assist them in making decisions. We will talk more about this when we discuss reporting in Chapter 11. At this point we need to talk about the relationship between the security department and the senior management of the organization. It sometimes appears that security will use the support of senior management to accomplish its tasks. For example, a letter from the CEO about compliance with security policies is often key in gaining organization buy-in. But in reality, during this whole process security is supporting the organization. The reason for this is that the development of the security policy and the organization’s compliance with it actually support the management of risk for the entire organization. The leaders of the organization are supposed to make money for the owners (or stockholders) and make the organization successful. They do this by making decisions about risk and reward. Security supports this by providing information on risk and helping to manage the security risk to the organization. Therefore, the activities of the security department should all be targeted to manage security risk. The development and deployment of a security policy is a means of doing just that. Therefore the support of the organization’s senior management is actually senior management agreeing that security is helping them manage risk to the organization. Enough of a philosophic view of the relationship. Let’s talk more down to earth. First off, the senior management of the organization must be able to trust the information that comes from the security department. This means that the security department must provide appropriate information. There should be no grand-standing and no inflation of the risks (that is, security should not go around yelling that the sky is falling). Note that an effective security department
  • 22.
    manager will knowwhat to worry about and, to a degree more importantly, what not to worry about. It also means that security should be staffed by professionals who have a good understanding of security and the technologies that security must affect (networks, systems, and so on). In the performance of its duty, security may be asked to comment on technical solutions. If security does not understand the technical aspects of the problem and proposed solution, how can a valid comment be made? The second key aspect of the relationship between security and senior management is that security must understand the business of the organization. This understanding is important because recommended solutions to manage risk must take into account that business must continue. Recommendations that clearly prevent business or that adversely affect the business of the organization without providing a clear benefit will not be taken seriously. If this occurs, senior management will no longer trust the opinions of the security department and thus security will not be able to provide assistance in managing business risk. The relationship with senior management is thus one of assistance and advice. Security must be trusted to know security and the business of the organization in order to supply both of these. Peers For the purpose of this discussion, we will consider all other managers, department heads, and directors who do not fit in the senior management category as peers to the security manager. For the same reason that it is important for security to support senior management, it is also important for security to support peers and peer departments. Some of these peer departments will be departments that do the business of the organization. Other peer departments will be supporting departments who assist the organization in doing business (just like security does). Security will help these other departments manage their risk and perform the functions of the business in a manner that manages the security risk to the organization. This means that the heads of these departments must understand that some things they do may cause risk. Therefore, security will be constantly educating other departments on the ramifications to the organization if a risk were to actually occur. Security must build a trust relationship with these other departments so that the other departments will follow security recommendations and come to the security department with questions. Nowhere will this relationship be more important than with the IT and development groups. We have already talked about the technical relationship with these departments. In addition to this technical relationship, there must also be a business relationship. Technically, both departments must see that security has knowledge about systems, networks, and development. From the business perspective, both departments need to see that security understands how the business functions and how IT and development assist in the business functions. The User Community The relationship between the security department and the user community of the organization may be the most important. The reason for this is very simple. The organization can spend
  • 23.
    hundreds of thousandsor even millions of dollars on security systems and technologies but a single employee who is unaware of the security policies of the organization can allow an intruder to bypass it all. This means that every employee in the organization must understand the need for security (see Chapter 7 on security awareness training). Remember that behind most security breaches are authorized users who did not follow the rules. This does not mean that the security department or the security manager will have a personal relationship with every single employee. However, employees should understand what the security department is and what its function is with regard to the organization. Employees are human and thus they will seek the path of least resistance when performing their jobs. This is not to say that employees are by nature lazy, only that human nature will seek to perform a task while expending the least amount of effort. Understanding this fact will enable the security department to develop programs and its relationship with the user community in such a way that the security risk to the organization can be managed. Since the relationship with the user community is generally not a personal one (as most other relationships will likely be), the security department will interact and relate to users in a different way. Successful security departments will provide information to the user community in such a way that the users find the information interesting. For example, the security department may run a lunch-time seminar on how to protect your kids from the dangers of the Internet. While conducting the seminar, security can provide the employees with good practices that are also in line with organization policy. Likewise, the security department could provide hints and suggestions on keeping home computers free of viruses. The information provided to the users can be the same as that required of them when performing their jobs. In both cases, the users are provided with something that can be useful and perhaps take some risk out of their lives as well as their work. These actions show the users that security can be of help to them and not just a hindrance to their work. In the best of all possible worlds, the organization will take violations of security policy as seriously as it does violations of sexual harassment policies. Most companies have a zero tolerance policy for sexual harassment. But if that same employee violates an information security policy, there is much greater tolerance. Security Alert! The security awareness of employees is perhaps the most important single factor in the overall risk to the organization. A security manager who ignores the employees will almost always fail. Legal The general counsel’s office is the department that is perhaps the closest to the security department in function. Both are in place to assist in the performance of the organization’s primary function and both are used to reduce the likelihood that something bad will happen to the organization. As more and more government regulations, such as the Health Information Portability and Accountability Act (HIPAA), are created that call for information security and information privacy, the general counsel and the security department will work more and more closely to develop appropriate policies and implement appropriate mechanisms to reduce the organization’s exposure to fines and lawsuits. Given this, the relationship between the legal office and security should be very obvious and easy to build. The security department will need the advice and guidance of the general
  • 24.
    counsel’s office whendefining policy. The legal office will need to work with the security department to determine if government regulations are being complied with and what potential legal exposures the organization may have. During a security incident (see Chapter 12), the general counsel and the security department must work very closely, with mutual trust and respect in order to limit the damage to the organization. Human Resources HR is another support department that is very important to the success of the information security department. The reason for this is simple: HR is the source of many policies that affect the overall information security risk of the organization. For example, HR may be the source of a policy that allows telecommuting. This policy has security ramifications since the employees who are working from home may have sensitive information with them or on their computers. At the same time, these computers may need connectivity back into the organization’s internal network. Both of these issues are key information security risks that must be managed by the information security department. Another important reason for a relationship with HR is that HR handles the hiring and termination of employees. This is another key risk area that the information security department must deal with. A good working relationship with HR will make the work of training new employees on the need for security much easier. At the same time, this relationship will assist in the identification of people who are no longer employees and whose access should be rescinded. If those two reasons are not enough, HR is also usually the location of the organization’s training department. Any type of security awareness program will not succeed without the assistance of HR. None of this is meant to imply that the relationship with HR is one-way. The relationship should be one of mutual trust and assistance. The security department will rely on HR to educate employees and identify the status of employees. HR will rely on the security department for the implementation of policies such as computer use, telecommuting, and so on and for the material that must be provided to the employees of the organization. Checklist: Key Roles of the Program The following is a checklist of key steps in the establishment of an information security program: • Identify the reporting structure for the information security department— try to locate the department at an appropriate place within the organization. • Learn how the organization works and what it does. • Develop a sound mission statement. • Get approval and support from management for the mission. • Identify long -term goals and a risk management strategy. • Develop short-term objectives. • Develop good technical relationships with administrators, development, physical security, and audit.
  • 25.
    • Develop goodbusiness relationships with peers, the user community, and human resources. • Develop a good reporting mechanism for senior management. • Work with the legal department to understand the legal issues surrounding information security within the organization. Chapter 2: Laws and Regulations Overview Many companies are regulated by federal, state, and local statutes. As more companies utilize information technology as a core part of their business operations, there are more regulations specifically aimed at ensuring that information is appropriately protected. Without doubt the most regulated are the financial services and medical industries. These industries have long had requirements for protecting the privacy of customer and patient data. With the increased usage and dependence on information systems and networks, the government has begun to pass legislation specifically aimed at controlling access to and protecting the confidentiality of such information. You must ensure that your information security program helps the company stay compliant with all relevant regulations. Most recently, the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) have put very specific requirements on the way financial services firms and healthcare organizations protect information. HIPAA even has criminal penalties for failure to comply. Specifically, violations of the provisions in HIPAA can result in $100 for each violation, subject to a $25,000 limit for all violations of the same “requirement or prohibition” during the same calendar year. Given the numerous “requirements or prohibitions” under HIPAA, a $25,000 limit per requirement or prohibition can add up quickly. The law is even harsher on those who intentionally violate HIPAA. The lowest penalty is a fine of up to $50,000 and imprisonment for up to a year, which increases to $100,000 and up to five years in prison if the offense is committed under false pretenses, and which tops out at $250,000 and up to ten years in prison if the violation is committed “with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.” This is pretty serious business. GLBA and HIPAA will have a significant impact on financial services and healthcare organizations. They require formal information security programs to be established and recognized by senior management. The GLBA states that the board of directors must approve the information security plan. Similarly, HIPAA mandates a formal information security and privacy infrastructure. HIPAA is a huge endeavor that will cost healthcare organizations a huge amount of money. For the first time information security risk is being laid in the hands of the most senior management. These new regulations are forcing organizations to create formal information security programs and spend money to ensure they are adequately protecting information systems. For some these laws might seem like a burden. For others it might be a blessing because now there is less guessing about what the program should include and it will likely bring more funding for the information security budget.
  • 26.
    Another Random ScribdDocument with Unrelated Content
  • 27.
    efficace des oeaux visibles du baptême est étendu par Origène au chrême visible In epist. ad Rom., 1. V. n. X. P. (,..t. xiv, col. 1C38CD. L'application du symbolisme à l'eucharistie est plus délicate. L'eucharistie est un sacrement à part, puisque le symbolisme affirmé par saint Paul n'empêche pas la realité même du corps et du sang signifiée par les symboles extérieurs. 11 y a pour ainsi dire une double efficacité dans le symbolisme eucharistique, l'une relative à la présence du corps et du sang sous le symbole du pain et du vin. l'autre relative à la nourriture spirituelle de l'âme par la grâce produite I communiant bien disposé. Là où Origène se laisse entraîner par le symbolisme extérieur des espèces sacramentelles, il semble oublier la présence réelle, lai réalité, il professe sur ce point la foi de e et la croyance commune. Voir ici une mise au point exacte, t. xi, col. 1558-1560. On devra corriger l'appréciation un peu trop absolue de Pourrat, op. cit.. p. 7. Si les allégories qu'Origène superpose au dogme de la présence réelle n'ont plus trait à l'eucharistie. il n'en reste pas moins vrai que le double symbolisme et l'efficacité du symbole eucharistique n'est pas ignoré de cet auteur, témoin ce texte du Contra Celsum. I. VIII, n. 33 : « Rendant grâces au démiurge de l'univers, nous mangeons les pains que nous (lui)offrons avec action de grâces et prières pour (tous ses) dons: (nous mangeons ces pains) devenus corps par la prière, quelque chose de saint et qui sanctifie ceux qui en usent avec un sain propos. » P. G., t. xi, col. 15G5 C. Cf. P. Batiffol, L'eucharistie, la présence réelle et la transsubstantiation. Paris. 1913, p. 'JC,4-20.r>. L'efficacité du sacrement de pénitence est d'autant plus marquée chez Origène qu'on trouve indiqués par lui d'autres modes de rémission des péchés, le martyre. l'aumône, le pardon des injures, le zèle pour la conversion des pécheurs, l'amour de Dieu. In Levit.. hom. n, n. I. /'. G., t. xn. col. 117-119. Mais la pénitence tient une place à part : c'est qu'elle est un pouvoir de lier et de délier, de remettre et de retenir les péchés,. donné par Dieu aux chefs de l'Église. In Jud., hom. n. n â. /'. G., t. xn. col. 961 A; In Matth., t. xn, n. 1 1 : t. xiii, col. 1012-1013. Toutefois l'efficacité du sacrement n'est pas telle que les prêtres puissent, par li- seul effet de leurs prières, remettre les péchés les plus graves. Voir sur ce texte du De
  • 28.
    oratione, l'art. Origène.t. xi, col. 1557. â. La théologie grecqne.au m* siècle, après Origène. — La théologie postérieure à Origène maintient, au sujet des sacrements, la notion du symbole et de l'efficacité sacramentels. Le rite du baptême, tel que le décrit la Didascalie, est conforme au symbolisme exprimé par saint Paul. Édition de Punk. 111. xn (parallèle aux Constitutions apostoliques, xvi), n. 2. p. 210. L'efficacité du baptême est rappelée en quelques mots expressifs : c'est un sceau, un sceau infrangible, imprimé par Dieu sur le chrétien, II. xxxix. 6. p. 126; cf. III. xn (xvi), 2, p. 210; l'achèvement de l'homme, ibid., p. 126; cf. Théognoste, Fragm., P. G., t. x, col. 240, 241. Un autre effet du baptême est de remettre les péchés, d'engendrer le néophyte à une vie nouvelle, de lui donner le Saint-Esprit, d'en faire un autre Christ. Didasc, II, xxxix. I. p. 121.; V. ix. 1.5. p. 262; VI, xn, 2, p. 326r xvii (xxn), 1. p. 354; xvm (xxm). 4- 5, p. 358; xxi (xxvii). 5. p. 371-372. Cf. Méthode d'Olympe, Convivium. VIII. vin, ix. /'. G., t. xvm. col. 149, 152. Le symbolisme eucharistique est également marqué, mais d'une façon conforme aux exigences du dogme de la présence réelle. L'eucharistie est le pain sanctifié par ks invocations. Didasc. VI. xxn ixxvni), 2, p. 376: elle est une nourriture sainte, âyiot rpoip"/) ou simplement les choses saintes, -rà ôcyia. Denys d'Alexandrie, Fragm.. édit. E. Feltoe. Cambridge, 1904, p. 58, 59, 103; ou encore les choses saintes parmi les saintes, -y. ■/•-.-/. tcôv àyicov. Id.. ibid.. p. 103. Le Dialogue d'Adamantins qui emploie parfois des termes d'un réalisme accentué (par exemple : toucher le corps et le sang du Christ) revient ensuite au symbolisme : le Christ a fait du pain et du breuvage les images. eÏxoveç, de son corps et de son sang. IV. M. P. G., t. xi. col. 1840 BC. De même la Didascalie, du moins d'après le texte grec concordant des Constitutions apostoliques. 1. VI, c. xxx, n. 2, édit. Funk. p. 381. invite les fidèles a offrir < l'eucharistie agréable ,. image du corps royal du Christ . xvrtruirov toû fitxaiXeîou op.aâTOÇ Xpicroû. Voir aussi xxn. 2. p. 376. ( les manières de parler... ne supposent nullement que ceux qui les emploient sont des symbolistes. Elles marquent seulement le caractère de signe et de symbole
  • 29.
    The text onthis page is estimated to be only 22.48% accurate 505 SACREMENTS. NOTION. LES PÈRES GRECS ,06 qui convient dans l'eucharistie aux éléments sensibles. Le pain et le vin sont les figures, les antitypes du corps et du sang en quoi ils sont intérieurement transformés, et qui sont devenus nourriture et breuvage pour nous.» Tixeront. Histoire des dogmes, t. i, Paris, 1915, p 198 499. Et c'est le Saint-Esprit qui est le principe de eette sanctification. Le pouvoir de lier et de délier implique pour l'évêque le pouvoir de pardonner les tant es il de purifier le pécheur. Didascalie, II, xi, 2; xn, 1-3, p. 16-48; xvi. s, p. 60; xviii. i-:;. p. 64; x. 2. 5, 8, p. 72. 74. Cf. Méthode d'Olympe, De lu lèpre, vu, 1-7. éd. Bonwe1 sch.p. 459-460. L'imposition île la main est le geste symbolique qui marque la réconciliation : La Didascalie remarque expressément que, par cette imposil ion de la main, qui est comme un second baptême, le pénitent recevait le Saint-Esprit, témoignage non équivoque de la purification intérieuie qu'opérait l'absolution, et de son caractère sacramentel. ront, op. cit., p. 504. Cf. Didascalie, II, xi.i, 2. p. 130; et xviii, 7. p. 66. C'est encore le geste de l'imposition des mains, XE!.po0£(TÎa, qui confère le presbytérat et le diaconat. Concile de Néocésarée, can. 9; cf. Hefele-Leclercq, Hisl. des conciles, t. i, p. 331 (l'imposition de la main qui confère l'ordination remet les péchés autres que l'impureté). Sur ce rite et son symbolisme efficace, voir Ordre, t. xi. col. 1215 sq. Quelques indications relatives au caractère sanctifiant du mariage peuvent être trouvées dans la Didascalie, IV, xi, 6, p. 231: VI. xxn (xxix). 6-8, 10, p. 378, 380. 6. La théologie grecque au IV siècle. — Au [Ve siècle, le symbolisme baptismal, tel que l'avait formulé Origène d'après saint Paul, est entré nettement dans l'explication du sacrement. Toutefois, tandis qu'Origène faisait dériver l'efficacité du baptême de l'invocation de la Trinité, les Pères grecs, à la suite des controverses sur la divinité du Saint-Esprit, expliqueront l'efficacité du rite baptismal par la présence et l'action de l'Esprit-Saint dans l'eau. Ils s'appuient sur Joa., ni, 5. D'ailleurs ils marquent nettement, et notamment saint Jean Cbrysostome, que, dans l'administration des saints mystères,
  • 30.
    l'acteur principal estDieu, le prêtre n'est que l'instrument de Dieu : «Le prêtre ne fait qu'ouvrir la bouche: Dieu fait tout. Le prêtre accomplit seulement un signe symbolique... L'oblation est la même, que ce suit celle de Paul ou de Pierre... » In epist. //lm ad Tim., boni, n, n. 4, P. G., t. i.xii. col. 612. Et encore : Quand le prêtre baptise, ce n'est pas lui qui baptise, mais Dieu dont l'invisible présence tient la tète du baptisé. » In Malth., hom. i., n. .". ; cf. In Act. aposl., hom. i. n. 3, P. G., t. lvii, col. 507; t. i.x, col. 110. Bien plus, Jean enseigne l'efficacité des sacrements, même administrés par des indignes : 1 heu n'impose pas les mains à tous, mais il agit par tous (les prêtres), mi indignes, pour sauver le peuple , In epist. II"" ad Tim., hom. n, n. 3, P. G., t. i.xii, col. 609. Nous sommes bien près du concept de symbole efficace ex opere operalo, que précisera la théologie médiévale et que consacrera le concile de Trente. Saint Grégoire de Nazianze, distinguant d'ailleurs six espèces de baptême, déclare que celui île Jésus est non seulement dans l'eau in psenitentiam, an l'Esprit, et c'est ce qui fait sou t-f 1 1. . m i t < Oral., xxxix. n. 17. 19, /'. G., t. xxxvi, col, 356 sq. C'est aussi la doctrine de saint I lasile : si l'eau bapl ismale a en elle quelque grâce, elle ne la tienl pas Or • .a propre nature, mais de la présence de l'Esprit-Saint, zv. rr,ç toû Y)z'i'}.-/-'jc 7tapou
  • 31.
    The text onthis page is estimated to be only 24.61% accurate 507 SACREMENTS. NOTION, LES PÈRES LATINS 508 confirmation était comme un complément du baptême et, pour ce motif, n'en était pas toujours nettement distingué. Voir ici Confirmation, t. ni. col. 10321033. Néanmoins Didyme l'Aveugli le distingue expressément. De Trinitate, 1. II. c. xu, P. G., l xxxix, col. 660 A. Cf. Hardy, Didyme l'Aveugle, Paris, 1910, p. 150. Saint Cyrille de Jérusalem lui consacre la catéchèse xxi.P. G., t. XXXIII, col. 1089 sq. Ce l'ère a bien mis en relief le symbolisme efficace de la continuai ion : L'huile parfumée 'w'jzvj. -/cln-iy. qui devait servir à l'onction était préalablement bénite par l'évêque. Dès lors, ce n'était plus, d'après la théorie de saint Cyrille, du chrême simple (u.ùpov y'./.ov i : mais, de même que le pain euchai istitjtic de îeut. par l'épi le corps du Christ, ainsi le chrême, par l'invocation, est devenu » le charisme du Christ productif du Saintk Esprit, par la présence de sa divinité . Xpioroû /ipiapta xal IIveopJXTOÇ â-flou, Trapouaîa rr.c 7.Jtvj (iz'jT rrroç èvepYerntôv yivôiisvov. Cat., xxi. .''>. ibid., col. lO'.t'J V Le Saint-Espiil est dans le chrême. comme il est dans l'eau baptismale, et il agit en lui et par lui. Ainsi l'huile parfumée est l'antitype, iv-i-rj-ov, du Saint-Esprit, ibid., I, col. 1089 A. Expression qui ne signifie pas — comme on peut le voir — qu'elle en est un simple symbole ou une simple image, mais qu'elle le contient et constitue l'élément sous lequel il exerce et cache son action. » 'fixeront. Hist. des dogmes, t. n, p. 170-171. L'effet de la confirmation est souvent indiqué par le mot açpxviç. La formule du rite (forme) était, d'après saint Cyrille : — çpa■fiç Sojpsàç xoO IIvE'J(xaToc iyî'j'j. Cat., xvm, 33, col. 1056 B. Cf. Ct t., m. i:>. xvm, 33, xxi. 1 ; xxn, 7. col. 448 A, 1056 B, 1092 H. tint B; S. Athanase, Epist. ad Serapionem, in, n. 3, P. G., t. xxvi. col. 628 B; Didyme, De Trinitate, 1. II. c. xiv. I>. G.. t. xxxix, col. 712; le Satramentaire de Sérapiun. xx, n. 2. dans Funk, Didasealia et < jinstitutiones aposl., t. n, p. 18f>: Constituliones apost., III, xvn, 1; VII, xxn. 2 ibid., t. i, p. 211, 406. Écho de la doctrine déjà implicitement acquise de l'ex opère operato. En ce qui concerne l'eucharistie, le symbolisme
  • 32.
    d'Origène est tenuen méfiance par les Cappadociens et trouve des adversaires irréductibles chez les Antiochiens, notamment Théodoie de Mopsueste et Jean Chrysostome. La réaction de Chrysostome est même excessive. S. Jean Chrysostome, In Joannem. hoin. xi.vi. n. 3; cf. In Matth., nom. i.xxxii, n. -1. P. G.. t. lix, col. 260-261, t. lviii, col. 743. Voir Tixeront, op. cit., p. 178-180. Athanase et Didyme sont dans une note réaliste qui se contente d'affirmer la présence réelle. Id.. p. 173-174. Mais, pour autant, le symbolisme ne perd pas ses droits. Dans la formule d'anamnèse qu'il présente, l'euchologe de Sérapion appelle le pain et le vin la icssemblance, ôp.oîcou.a, du corps et du sang du Monogène, xin, 12, 14, dans Funk, op. cit., t. il, p. 175. Dans son homélie xxvn, n. 17, Macaire écrit que les prophètes et les rois ont ignoré « que dans l'Église est offert le pain et le vin, figure (àvri-ruTCOv) de la chair et du sang du Christ : ceux qui participent à ce pain visible mangent spirituellement iuvsuu/xtixôç) la chair du Seigneur ». P. G., t. xxxiv. col. 705 B. Ce mot àv-rf-ruitov se lit également chez Cyrille de Jérusalem, Cat., xxm, 20; cf. xxn, 3, P. G., t. xxxiii, col. 1124 C. 1100 A: chez Grégoire de Nazianze, Oral., vin, n. 18, P. G., t. xxxv, col. 809 D; chez Épiphane Adv. hser.. lv, n. 6, P. G., t. xl, col. 981 AB. La doctrine de la conversion du pain aux corpi . du vin au sang, qui est à la base de toute la pensée des Pères grecs du iv siècle, explique l'emploi des mots 6u.oluu.oc et 4vtêtu7TOM et réduit le symbolisme eucharistique à ses justes propositons. Pour le comprendre, on devra observer que. « pour ces auteurs, le pain ct le vin, dans leui être naturel, ou par une institution de Dieu ou de Jésus-Christ, sont déjà une figure, un symbole du corps et du sang du Sauveur; (pie ces éléments deviennent, en effet, par la cori . cration - et dans leurs espèces — les signes sensibles du Christ corporellement présent, l'enveloppe réelle qui le contient ct sou, laquelle les fidèles le reçoivent. Rappelions-nous la théorie de saint Cyrille sur le chrême de la confirmation, antitype du Saint-Esprit . Tixeront, op. cit., p. 177. 178. Mais, par rapport au chrétien, ce corps et ce sang du Christ sont nourriture et breuvage spirituels. I e second sj mbolisme efficace, c'est-à-dire producteur de vie surnaturelle, est souligné par nos auteurs. Le corps est un pain spirituel, le sang un vin spirituel.
  • 33.
    Cyrille, Cat., iv,8, P. G., t. xxxiii. col. 165 A. Ils ^ont nourriture supersubstantielle (è7rioùaioç) destinée à sustenter à la fois l'âme et le corps. Caf.,xxm, 15, col. 1 120B. Grégoire de Nysse esquisse même une sorte d'explication scientifique de la transsubstantiation : la lle-t». 7cotïjtriç. Sur cette explication voir Tixeront, op. cit.. [). 182-183. Mais, par rapport à nous, le résultat de cette assimilation spontanée ■ est notre divinisation par l'union au corps de Dieu, notre incorruptibilité par notre communion à l'incorruptible. Dans les autres sacrements, la notion de symbole efficace apparaît beaucoup moins. L'efficacité de la pénitence est affirmée contre les novatiens. Grégoire de Nazianze. <>rat., xxxix. 19, P. C, t. xxxvi. col. 357 B. Quant à l'ordre, le geste symbolique et efficace de l'imposition des mains est indiqué par tous comme le moyen de conférer le sacrement. Consl. apost., 1. VIII, xvi. 2; xix. 2, édit. Funk. p. 523, 525. Seul, l'évêque peut, par l'imposition des mains, conférer l'ordre. Id., ibid., cf. xi.vi. II, p. 561. Mais cette imposition des mains était accompagnée de prières dont l'euchologe de Sérapion. xxvi-xxviii, édit. Funk, p. 189, 191 et les Constitutions apostoliques donnent les formules : VIII, v, p. 4 75 sq. ; cf. xvi, 2, p. 523 (prêtre); xvm, p. 523 (diacre); xx, p. 525 (diaconesse): xxi, 3, p. 527 (sous-diacre); xxn, 3, p. 527 (lecteurs). L'effet du sacrement est également affirmé. Saint Grégoire de Nysse observe que cet eflet est de séparer le prêtie du reste des chrétiens : bien qu'extérieurement il paraisse rester le même, une transformation intérieure s'opère en lui par une grâce et une vertu invisibles. Saint Grégoire compare cette transformation a la consécration des autels eu à la conversion eucharistique : ce qui implique un caractère permanent et stable. In baplismum Christi, P. G., t. xlvi, col. 583. Saint Jean Chrysostome, en faisant l'éloge du mariage, reprend le symbolisme indiqué par saint Paul. Eph., v, 22-23. In Eph., hom. xx, n. 4, P. G., t. i.xn. col. 139- 140. 2° Les Pères latins. — Si la notion du symbolisme efficace trouve déjà, chez les Grecs, une réelle consistance dès le ive siècle, elle nous apparaît, bien plus nette encore, principalement en ce qui concerne le baptême et l'eucharistie, dans l'Église latine. C'est d'ailleurs, comme le fait observer P. Pourrat, dans l'Église latine que s'est véritablement développée la théologie sacramentaire. Op. cit.,
  • 34.
    p. 12. 1.Autour de Tertullien. — En même temps qu'il fait l'application du mot sacramentum aux rites sanctificateurs, Tertullien commence à analyser le symbolisme efficace que recouvre la notion de sacrement. II faut avouer toutefois que sa doctrine de la corporéité relative de l'âme l'a ici desservi. Cf. É. de Backer, Sacramer.tum. Le mot et l'idée représentée par lai aans les oeuvres de Tertullien, Paris, 1905, p. 113 sq. Toutefois, il serait inexact de prétendre que Tertullien a ignoré le symbolisme sacramentel. Le symbolisme qu'il discerne est celui qui résulte de l'appropriation du rite à son effet. Un texte est vraiment remarquable
  • 35.
    The text onthis page is estimated to be only 23.19% accurate ,ll!t SACREMENTS. NOTION, LES PÈRES LATINS à ce sujet : il marque à la fois l'action extérieure parfaitement physique et réelle et, à côté de cette opération corporelle, l'effet spirituel qu'elle Hgure e1 (ju'elle produit : Caro ubluilur ut anima emaculelw; raro ungitur, ut anima consecretur; caro signatur, ut et anima muniatur; caro manus impositioneadumbralur, ut et anima spiritu illuminelur; caro corpore et sinnunnr Chrisli vescilur, ut et anima de Deo saginetur. De resurreetione carnis, c, vin. P. I... t. 11, col. 806 B. On i rouve d'ailleurs l'expression du menu- symbolisme appliqué au baptême eu d'autres écrits. Voir surtout De preescript.. c. xl. t. ri, col. 54: De baptismo, c. i. iv. ix. t. i. col. 1197, 1203, 1209. L'explication de l'efficacité du symbole sacramentel se ressent quelque peu de la philosophie matérialiste de l'auteur. Si le prêtre invoque le Saint- Esprit pour bénir les fonts, e'est que le Saint-Esprit descend dans l'eau pour lui donnei une vertu sanctificatrice. De baptismo, c. îv, t.i. col. 1204 A; cf. e. vm, col. 1207. L'imposition des mains qui suit l'ablution — vraisemblablement la confirmation — fait circuler le Saint-Espri* en nous, comme le jeu des doigts fait circuler l'air dans l'orgue. Id., ibid. Sur cette image, voir De an ima. c. m, iv, t. n, col. (151. (152. Une telle explication de l'efficacité sacramentelle — si exacte soit-elle sous un certain aspect (les textes du missel, au samedi saint, en font foi) — paraît néanmoins diminuer l'importance des paroles qui constituent ce que nous appelons la forme du sacrement. Et peut-être bien les formules de Tertullien, qu'on retrouve équivalemment chez d'autres Pères, représentent-elles une tradition dont on n'a pas assez tenu compte dans l'idée qu'on doit se faire de la réalité du sacrement. Voir plus loin, col. 533-534; 575. On sait que le symbolisme sacramentel, appliqué par Tertullien à l'eucharistie, l'a fait accuser d'enseigner un symbolisme excluant la présence réelle. Voir l'interprétation de la pensée de Tertullien, t. v, eol. 1130 sq. 11 semble bien que l'allégorisme scripturaire se complète du symbolisme sacramentel, tout en respectant la réalité de la présence eucharistique qu'exprime nettement Tertullien en
  • 36.
    maints endroits. Voirles références, t. v. col. 1130: A. d'Alès, Lu théo la/lie de Tertullien, p. 355 sq.; P. BatifTol. L'eucharistie, la présence réelle et la transsubstantiation, Paris, 1913, p. 204-226. Cf. Tixeronl, op. cit., p. 135. Si Tertullien donne le nom de sacrement au baptême, a la confirmation, à l'eucharistie et au mariage, voir ci- dessus, col. 489, il sait que la pénitence est elle aussi un signe sacré qui sanctifie celui qui la revoit. Le symbolisme du signe est peu marqué, mais son efficacité apparaît surtout dans le parallélisme établi entre le baptême et la pénitence. Analogie des effets : le baptême suppose une. pénitence qui a pour but de purifier et d'affermir le catéchumène de façon a rendre durable l'effet du sacrement. De pœnitenlia, c. vi, t. r, col. 1237 sq. Mais les défaillances se produisent, auxquelles Dieu remédie en offrant aux pécheurs une « planche de salul : » Une fois fermée la porte du pardon, une fois tiré le verrou du bapl ême, Dieu a permis qu'il demeurât encore une ouverture : il a placé dans le vestibule (de l'Église) une seconde pénitence, qu'il ouvre à ceux qui frappent. C. vu, col. 1241 B. Cette pénitence implique des rites extérieurs : confession, expiation plus ou moins longue, réconciliation par le ministère de l'évêque. C. vin, ix, 1. 1, col. 1243-1244: cf. De pudicitia, c. x, xvm, t. n. col. 1000 li: 1016 1017. Sur la forme de celte réconciliation, Tertullien ne nous donne pas de détails, mais l'effet de la uriiiu accordée par l'évêque est de taire disparaître le péché. Cette vérité, à peine esquissée uans le De psenitentia, est mise in meilleure évidence, quoique avec îles restrictions par où s'affirme l'hérésie montaniste, dan-, le De pudicitia. c. ri, lanne deliclum mit venin dispungit aut pâma... P. I... t. n, col. 985 A. Cf. Galt ici, L'Église et la rémission des péchés dans 1rs premiers siècles, p. 32; A. d'Ales. La théologie de Tertullien. p. :;i7. Le rite par lequel et aient confères les différents ordi es es1 déjà appelé par Tertullien ordinalio. De prœscript.. c. xii. t. n. eol. 56. On sait que cette ordinalio se faisait par l'imposition des mains, voir Ordre, t. xi. col. 1245-1246. Tertullien ne nous cl ï t rien de la prière qui accompagnait cette imposition des mains. Mais on peut supposer, d'après les documents quasicontemporains. i[ue cette prière appelait le SaintEsprit da.is l'âme des ordinands. Voir la Tradition apostolique
  • 37.
    d'Hippolyte, dans Duchesne,Les origines du culte chrétien, 5° éd.. appendice, et le De aleatonbus. ::. dans Texte und L'ntersuchungen. t. v, fasc. 1. Leipzig, 18Ï8. p. ltî. Quant au mariage, Teitullien lui attribue le nom de saerainenlum et lui reconnaît, après saint Paul, le symbolisme de l'union de Jésus-Christ et de l'Église. Ce symbolisme sacramentaire existait déjà dès le début de l'humanité, proclamé par Adam lui-même. Dr anima, c. xi. I'. L.. t. n, col. 665 B. Que le mariage entre chrétiens soit chose sainte. Tertullien l'affirme hautement dans le Ad uxorem. 1. 11, c. ix; la grâce du baptême sanctifie le mariage contracté dans la gentilité et Dieu le ratifie. Ibid.. c. vu, t. ï, col. 1302 B. 1299 A. Bien plus, le rite et l'efficacité du sacrement semblent déjà suffisamment exprimés dans cette phrase du c. ix : Sufficiamus ad enarrandam felicitatem ejus matrimonii, quod Ecclesia conciliai, et confirmai oblalio,
  • 38.
    The text onthis page is estimated to be only 25.48% accurate 51 I SACREMENTS. NOTION, LES PÈRES LATINS .12 la controverse, mais simplement à en dégager les conséquences dogmatiques au point de vue de la théologie générale des sacrements. D'une part. Cyprien et ies rebaptisants, tout comme leurs adversaires, confessent que l'efficacité des sacrements leur vient du Saint-Esprit. D'autre part, ils attachent l'action du Saint- Esprit au fait d'appartenir à l'Église. Comment le ministre qui, n'étant pas dans I I n'a ni la vraie foi, ni la grâce, ni le Saint-Esprit, pourrait- il en faire part à un autre? Episl., lxx, n. 1 : lxix. n. .S; lxxi. n. 1. p. 767, 757, 771. Les hérétiques sont donc incapables de conférer validement baptême, confirmation et ordre : hœrelicum hominem sieut ordinare non licet, ncc mamim imponere, ita nec baptizare, née quicquam tancte et spiritualiler gerere, quando aliénas sit a spiritali et deijica sanctitate. Epist.. lxxv, n. 7, p. 81"). L'attitude du pape Etienne et le triomphe partiel de sa pratique montrèrent qu'une tradition dogmatique (nihil innovelur nisi quod traditch est ) existait dans l'Église, disjoignant la question de la validité de celle de la licéité ou même de la fructuosité du sacrement, ou encore la question du pouvoir et celle de la valeur morale ou de la foi du mini. Ire. Le parti romain n'avait pas manqué d'ailleurs de mettre en relief, d'une manière explicite, cette dernière distinction : il insistait sur la puissance des noms divins invoqués dans la formule baptismale, puissance qui s'exerce indépendamment de la foi ou de la dignité du ministre. Cf. S. Cyprien, Epist., i.xxm, n. 4; i.xxv. n. 9, p. 781. 81."). C'est surtout dans le Liber de rebaptismate qu'est exposée cette considération dogmatique. Pour recevoir toute l'efficacité du baptême, remarque l'auteur de cet écrit, il faut renaître de l'eau et de l'Esprit. C. Il, éd. Hartel, p. 71. Sans doute, renaître de l'Esprit est la chose principale, puisque la cérémonie de l'immersion est susceptible d'être suppléée, comme on le voit dans le martyre. C. xi, xiv, xv, p. 83, 86-87, 88-89. Toutefois, on peut renaître de l'eau sans renaître de l'Esprit : l'un peut aller sans l'autre. C. in, iv, p. 73-74. Ainsi en est-il dans le baptême des hérétiques. L'immersion faite par
  • 39.
    un hérétique >au nom de Jésus » (sur cette formule employée par les Romains, voir A. d'Alès, La théologie de saint Cyprien, p. 228- 229) garde la vertu de cette invocation, et cette vertu est telle qu'elle commence l'œuvre de la régénération. Le rite n'a pas besoin d'être renouvelé. C. vi, vu, x. xn, xvi. p. 76-7X. 81. 83, 87. Si le baptisé meurt avant de revenir à la vraie foi, son baptême non seulement ne lui sert de rien, c. vi, vu, x, mais il aggrave sa condamnation. Par contre, s'il se convertit, c'est assez de compléter, par la collation du Saint-Esprit (l'imposition des mains), la première cérémonie, pour qu'elle obtienne son plein et entier effet. C. x. cf. c. xn; xv. On le voit, la querelle des rebaptisants servit, à sa manière, à faire progresser le dogme de l'efficacité du rite baptismal. Par contre, le symbolisme sacramentel n'est envisagé par Cyprien que d'une manière rapide et superficielle. L'eau signifie l'ablution intérieure de l'âme; elle garde sa signification, quel que soit le mode du baptême, immersion ou simple aspersion (infusion). Epist., i.xix, n. 12. p. 761. De même, l'huile est l'image de l'onction spirituelle de l'âme. Epist., lxx, n. 2, n. 768. I e i il- m rement est également appliqué par Cyprien a la confirmation (saeramenlo utroque mis euntur). Epist.. lxxii, n. 1; cf. lxxiii. n. 21. p. 775, 79.">. L'évêque de Carthage en indique le fruit propre : signaculum divinum, Epist.. i.xxm, n. y. p. 785; cf. n. 6, p. 783; ou signum Christi. Ad Demetrianiun c. xxii, p. 367. Pour la validité de la confirmation, connue pour celle 'lu baptême, Cyprien (comme Firl .l'un faux supposé, a savoir que pour donner le Saint-Esprit au nom du Christ, le ministre doit déjà le posséder connue mandataire de l l glise. Epist.. lxxv, n. 12. p. 81S et n. 18. p. 822. Mais, en affirmant que l'imposition des mains (manuum imponere ad accipiendum Spirilum Sanction ) confère le Saint-Esprit. Cyprien n'ignore pas que le baptême est inséparable du Saint-Esprit. La confirmation ne fait donc qu'apporter une plénitude d'un don déjà possédé. Epist.. i.xxiv. p. 802; cf. iT irmilieii ) Epist., lxxv, n. 9, p. 816. En ce qui concerne le sacrement de l'eucharistie, le symbolisme sacramentel est fortement développé et utilisé. Rappelons tout d'abord que la foi de saint Cyprien en la présence réelle est aussi ferme que possible. Voir ici Eucharistie, t. v, col. 1132 sq.; cf. .1. 'fixeront, op. cit.. t. i. p. 136
  • 40.
    sq.; P. Batiffol,op. cit., p. 227 sq. Sous ce rapport, l'efficacité du sacrement est donc indiscutable. Son symbolisme est multiple et Cyprien en présente les différents aspects selon les exigences de la controverse. Défenseur de l'unité de l'Église contre les novatiens, il trouve dans l'eucharistie le symbole de cette unité. Le pain est composé dune multitude de grains de froment moulus ensemble: il représente les fidèles unis au Christ et ne formant qu'un corps mystique avec lui. Epist., i.xix. n. 5, p. 72n. C.- symbolisme avait déjà été souligné. par la Didachè, voir col. 199. Quelques évêques d'Afrique avaient une pratique singulière, celle de ne mettre dans le calice que de l'eau, sans vin. A ces ■ aquariens », Cyprien rappelle dans la lettre lxhi la discipline de l'Église sur ce point et le symbolisme qu'il comporte : il faut les deux, vin et eau; l'eau mélangée au vin est la figure du peuple chrétien uni au Christ, n. 13, p. 711. Le symbolisme du sacrement se retrouve également dans le sacrifice : l'eucharistie est le symbole lu sacrifice du Christ; mais elle n'est pas un pur symbole, elle est aussi un vrai et complet sacrifice, n. 17, p. 715. Le sacrifice de l'eucharistie est une représentation du sacrifice du Christ, mais une représentation qui en contient vraiment la réalité. Voir le développement de ces idées dans A. d'Alès, op. cit., p. 249-262. L'efficacité du sacrement existe également par rapport aux effets produits par l'eucharistie dans l'âme du chrétien. Avant tout, l'eucharistie produit notre incorporation au Christ : « Nous demandons chaque jour que notre pain, c'est-à-dire le Christ, nous soit donné; afin que. demeurant et vivant dans le Christ, nous ne nous séparions pas de ce corps qui nous apporte la sanctification. «De oiat. dom., c. xvm. édit. Hartel, p. 280. L'eucharistie est encore le sacrement de la force et de la vaillance spirituelles, le sacrement qui fait les martyrs. Aussi, à l'approche de la persécution, saint Cyprien décide-t-il de relâcher quelque chose de la rigueur ordinaire et d'admettre à la communion même les apostats, s'ils donnent des gages de repentir. Ne faut-il pas les munir pour la vie et les armei pour de nouveaux combats? Epist., lvii, n. 2. p. 651 i Ce qui est à remarquer chez Cyprien, c'est la manière dont il veut, à l'exemple de Tcrtullicn dont il s'inspire volontiers, rendre sensible la réalité de l'action divine dans le sacrement. Tout le passage du lie oratione
  • 41.
    dominica, dont nousvenons de donner la conclusion, marque cette action dans l'eucharistie. Voir A. d'Alès, La théologie de saint Cyprien, p. 268-269. La pénitence est présentée par Cyprien comme la rémission des péchés par le ministère des prêtres. De lapsis. n. 29. p. 2.">S. Cefte seule indication suffirait a montrer que la pénitence est un sacrement. Confession (exomologèse), satisfaction, réconciliation, tels sont les trois actes de la pénitence, tels que Cyprien. âpre, Tertullien, les énumère et décrit. Les mots dont Cyprien se sert pour parler de la réconciliation :
  • 42.
    The text onthis page is estimated to be only 24.13% accurate 513 SACREMENTS. NOTION, LES PÈRES LATINS remissio, pax, communicatio (participation à la communion), indiquent bien l'effet même du sacrement. Comme Tertullien, Cyprien nous montre le rite de la réconciliation dans l'imposition des mains accomplie par l'évêque et par le clergé. Epist., xv, n. 1, p. 514; xvi. n. 2, p. 518; xvn, n. 2, p. 522; xvin. n. 1, p. 524; xix. n. 2. p. 525; i.xxi. n. 2, p. 772; lxxiv. n. 1. p. 799 (citation «lu pape Etienne), n. 12. p. 809. On trouve la même imposition de.s mains pour la réconciliation des pénitents dans deux suffrages émis au concile de septembre 256, Senientise episcoporum, n. 8 et 22, p. 441. 1 15. Nous avons ainsi, chez Cyprien, tout l'essentiel du rite sacramentel de la pénitence. Cyprien s'étend longuement sur les qualités que doivent posséder les évèques et les ministres inférieurs à l'épiscopat. 11 détaille minutieusement toutes les conditions d'une ordinatio justa et légitima. Mais il est. au contraire, très discret sur le rite sacramentel de l'ordination. Chez Cyprien. les mois ordinare, ordinatio, Epist.. lxxii, n. 2. p. 776; lxvii, n. 4, p. 738; xxxviii. p. 579-581, et d'autres mots dans le cas du prêtre et des sous-diacres et lecteurs, Epist., xr, p. 585-580, désignent immédiatement l'élection même à l'ordre; mais, dans leur sens plénier, ils expriment aussi le rite sacramentel, qu'à coup sur Cyprien ne méconnaît pas. Il y fait même une allusion directe, à propos de la consécration épiscopale de Sabinus Epist., lxvii, n. 5, p. 739. Une autre allusion se rencontre sous la plume du pape Corneille, écrivant à Cyprien, Epist., xlix, n. 1. p. 610, à propos de Xovatien, qui, on le sait, se procura l'imposition des mains de trois évèques d'Italie. Voir Ordre, t. xi, col. 1246. L'ordination a pour effet de conférer le Saint-Espiit : or, le Saint-Esprit ne se trouve que dans l'Église catholique. Les ordinations faites par des hérétiques ou des schismatiques sont donc nulles : validité et licéité ne font qu'un pour Cyprien. Epist., lxix. n. 11, p. 759; cf. n. 8, p. 757. Confusion qui sera une source de cou Hits pendant mille ans dans l'Église catholique, voir Réordinations, t. xiii, col. 2396 sq., mais qui aura du moins pour résultat, comme la querelle des rebaptisants, de mettre
  • 43.
    en évidence ladistinction entre validité et licéité. En somme, du moins pour les cinq sacrements dont on vient de parler, saint Cyprien possède déjà une notion suffisamment nette du silène sacré, producteur de la grâce dans l'âme de qui le reçoit. Peu de choses manquent encore pour arriver à la notion complète et définitive. 3. Les prédécesseurs immédiats il:' suint Augustin au IVe siècle. — ■ L'Église latine, au iv siècle, connaît, sans discussion possible, les rites producteurs de la grâce que nous désignons aujourd'hui sous le nom de sacrements. Toutefois, ce nom est encore plus spécialement réservé aux trois sacrements île l'initiation chrétienne, baptême, confirmation, eucharistie. C'est uniquement de ces sacrements qu'ont parlé saint Ainbroise dans son De mysteriis et l'auteur du De satramentis. Toutefois, ces auteurs ont émis des idées générales qui peuvent s'appliquer à tous 1rs sacrements. Ces deux auteurs distinguent nettement le rite luimême et la grâce produite en celui a qui l'on applique le rite. Ambroise, De mysteriis, n. .s. 11. 20, P. ! ■■■ t. xvi (édit. de 1866), col. 108 H. 109 C, 411 H; De sacramentis, 1. I, n. 10, col. 138 C. Mais le rite luimême comporte un symbolisme, répondant à la double nature de l'homme, et qui csl a la hase de son efficacité. L'eau ou l'ablution est la figui i cation intérieure qui résulte du baptême Cum ex duabus naturis homo, id
  • 44.
    The text onthis page is estimated to be only 28.32% accurate SACREMENTS. NOTION, LES PÈRES LATINS 5 I 5 une nette et explicite distinction de la validité et de l'efficacité nu fructuosité du sacrement, Optât s'engage cependant résolument sur la voie qui y conduit. Pour lui. trois facteurs (specics) sont à distinguer dans le baptême : la formule trinitaire avec laquelle on le confère, le croyant qui le reçoit, celui qui l'administre. Ces troi., facteurs n'ont pas la même importance : deux sont nécessaires, le troisième est d'une nécessité moindre. Tout d'abord, l'invocation trinitaire : rien ne peut se taire sans elle. Ensuite la foi du sujet baptisé. Enfin, ricina, quse simili aucioritatt esse non potest, la personne du ministre. !.. V, n. -1. col. 1051 B. Le baptême est comme un corps qui a des membres, des éléments déterminés, invariables, qui ne sauraient changer. Or, la personne du ministre ne fait pas partie de ces éléments immuables. Les sacrements sont donc indépendants de lui. Ils sont saints par eux-mêmes, non par les hommes qui les donnent : sacramenla per se esse sancta, non per homines. Col. 1053 A. Les hommes ne sont que les ouvriers, les ministres de Dieu, les instruments de Jésus-Christ, ministre principal du baptême. Ils ne sont pas les maîtres du sacrement qui est chose divine, ils ne font qu'en appliquer le rite. C'est Dieu qui purifie l'âme et la sanctifie et non pas l'homme. Col. 1053 A. Optât parle d'une manière générale et étend lui-même ses conclusions à la confirmation. L. VII, n. 4, col. 1089 AB. L'importance accordée par Optât à la formule trinitaire montre que cet auteur rejetait comme invalide le sacrement administré par des hérétiques, faute de vraie foi dans le sujet ou le ministre. On cite surtout 1. I. n. 12; 1. V, n. 1, col. 007-908, 1045 A. Voir aussi saint Pacien, Epist., m, n. 3, 22. P. L., t. xiii. col. 1065, 1078. Quoi qu'il en soit, Optât n'hésite pas en ce qui concerne le baptême des simples schismatiques et des pécheurs manifestes : leur baptême est valide et ne doit pas être renouvelé. Cf. 1. V, n. 3, col. 10-18 B. Les Pères du ive siècle admettent que le baptême est efficace même à l'égard des enfants sans raison. Zenon, Tractalus, 1. II, xm, n. 11; cf. 1. II, xi.in, n. 1, P. L., t. xi, col. 353 B, 493; Sirice,
  • 45.
    Epist., i, n.3. P. L., t. xm, col. 1135 A. Il leur est nécessaire pour entrer dans le royaume des cieux. Ambroise, De Abraham. 1. II, c. xi, n. 84, P. L., t. xiv (édit. de 1800). col. 521 C. Ce baptême est unique et ne saurait être renouvelé, s'il est administré validement. Zenon, Tract., 1. II. xxxvi, P. L., t. xi, col. 482: Ambroise. In Luc. 1. VIII, n. 78, P. L., t. xv. col. 1880 D. Du côté du sujet, certaines dispositions sont la condition de l'intervention divine. C'était déjà la thèse de saint Optât; mais on note encore quelques hésitations touchant la portée de cette condition. S'agit-il d'une condition à la validité ou simplement à la fructuosité du sacrement? La chose n'est pas claire. Voir la lettre de Sirice à Himérius de Tarragone, n. 2. P. L., t. xm, col. 1133 A, et S. Ambroise, De Spirilu Sancto, 1. I. c. m, n. 42, P. L., t. xvi. ecl. 743 A. Nous trouvons également chez nos auteurs les indications relatives aux ministres du baptême. Cf. S. Jérôme, Dialng. contra lucijerianos, n. 9, P. L., t. xxm (édit. d. 1865), cil. 172 BC. Mais ils s'étendent surtout sur lis effets produits par ce sacrement. Le baptême efface les péchés, nous dépouille du vieil homme, nous revêl de Jésus-Christ et nous régénère; il nous rend les temples de Dieu, les enfants adoptifs de Dieu, nous communique le Saint-Espri*, donne à nos corps l'immortalité et nous met en possession de l'héritage céleste. Cf. s. Hilaire, In ps. lziii, n. 11; 1X711, n. 30; ;,.|-, n. II. /'. L., t. ix. col. 344 A. 165 A, 128 C; In Mallh., c. n, n. 6; c x. n. 21. ibid., 516 col. 927 B, 970 C: Yictorin de Pettau, In epist. ad . in. v. 27; iv, y 10. P. L.. t. vin, col. 1173 B, 1181 B: Zenon. Tract., 1. I, xn, n. 4; xm, n. 11; 1. II, xiv, n. 1; xxvii, n. 3: xl: l; lxiii, P. L., t. xi. col. 311 D. 353 A. 436 sq., 469 B, 488 sq., 506, 519 A; S. Pacien, Serm. de baptismo, n. 3, 0, P. L., t. xm, col. 1091. 1C92; S. Ambroise, In ps. cxviii, serm. i. n. 17. P. L., t. xv. col. 1271 D; De Caîn et A bit. 1. II. n. in. t. xiv. col. 364 Ali: De inlerpellatione .lui, et David, 1. IL n. 36. ibid., col. 800 CD; cf. De sacramentis, 1. III, c. i, n. 2. P. L., t. xvi, col. I5il C: S. Jérôme, Dialng. contra luciferianns. n. 6, P. L., t. xxm. col. 108-100: Nicétas. De sijmbolo, n lu. P. L., t. lu, col. 871 C. Le rite de la confirmation présente, lui aussi, le symbolisme et l'efficacité propre aux rites sacramentels. C'était l'imposition de la main et l'onction d'huile parfumée qui la suivait. L'existence de ce rite est affirmée par tous nos auteurs. En
  • 46.
    sortant de lapiscine baptismale, le baptisé recevait une onction verticale sur la tête, et l'évêque lui imposait ensuite la main en invoquant l'Esprit septiforme. Sur cette onction, faite avec le saint chrême par le prêtre ou par l'évêque, voir ici t. n, col. 210. Bien n'indique qu'elle appartint à la confirmation. C'est au IVe siècle que l'usage s'introduisit à Rome, et plus tard dans les Églises de rite gallican, d'ajouter à l'imposition de la main un signe de croix fait au front avec le pouce trempé dans le saint chrême. Voir ici, t. m, col. 1939. Cf. P. Galtier, La consignation à Carthage et à Rome, dans Recherches de science religieuse, juillet 1911; La consignation dans les Églises d'Occident, dans Revue d'histoire ecclésiastique, janvier 1912. Le résultat de cette cérémonie est de parfaire le chrétien, quia post fonlem superest ut perfectio fiât, de faire descendre en lui l'Esprit-Saint, de lui imprimer une marque, un caractère, spirilale signaculum, signaculum quo fides pleno fulgeat sacramento. De sacramentis, 1. III, n. 8, P. L., t. xv, col. 434; S. Ambroise, De mysteriis, n. 41-42, t. xvi, col. 401-402. Saint Ambroise expose les multiples symbolismes de la confirmation. L'onction rappelle l'onction faite autrefois sur la tête et sur la barbe d'Aaron; elle est la figure de l'onction spirituelle, par laquelle nous sommes oints membres du royaume de Dieu et prêtres. Ibid., n. 30, col. 415. Sur la distinction de la confirmation et du baptême, voir plus loin. Institution des sacrements, et ici, t. ni, col. 1041-1H12. Les Pères du ive siècle n'ont aucune hésitation sur la puissance de.- paroles consécratoires du pain et du vin dans l'eucharistie. La présence réelle est un dogme affirmé par eux avec une netteté absolue. Voir ici Eucharistie, t. v, col. 1151-1158. Si quelques expressions leui échappent encore, empruntées au symbolisme des espèces sacramentelles, elles ne détruisent pas la force de leur témoignage en faveur du réalisme et s'expliquent facilement en raison du symbolisme lui-même dont elles procèdent. Ce symbolisme sacramentel de l'eucharistie est exprimé avec une rare précision par saint Ambroise, grâce à sa doctrine déjà très explicite de la conversion eucharistique. La • ration divine » de l'eucharistie, « opérée par les paroles mêmes du Christ », « change la nature > du pain et du vin et en fait « le sacrement du corps et du U Sauveur ». Quand on considère ce mystère, bien mieux encore
  • 47.
    que lorsqu'il s'agitdu baptême, il ne faut pas s'arrêter à ce qui se voit. Ce qui se voit, c'est le sacrement du corps et du sang du Christ, c'est-à-dire le signe, le symbole sous lequel le corps et le sang du Christ sont réellement piésents : Forte dicas : aliud video, quomodo tu mihi asseris quod Christi corpus accipiam ?... Probemus non hoc esse quod natura formaoit, sed quod benediclio consecravit...
  • 48.
    The text onthis page is estimated to be only 21.43% accurate .M 7 SACREMENTS. NOTION, LES PÈRES LATINS 518 Quod si tuntum valu.it hvir.ana benedictio, ut naluram converteret (cf. III Reg . wiii. 38). quid dicimus de ipsa consecraticne divina, ubi m bu ipsa ! salvatoris cpcrantur? Nom sacramentum istud qui il accipis, Christi sermone conficitur... Ante benedictionem verborum cselestium alla species ncminatur, post consecralionem corpus signiftcatur. De mijsteriis, n. 50, 52, 54, P. t., t. xvi, col. 422 C, 123 C Cf. De saeramentis, 1. IV. n. 1-1. 23. col. I l [63 B Ce texte ambroskn est capital; il marque non seulement le symbolisme des espèces après la consécration, mais encore l'efficacité des paroles empruntées au Christ lui-même. La même valeur d'expression se retrouve dans le texte du De saeramentis, dont l'auteur semble avoir copié saint Ambroise : Tu forte diels : Meus punis est usiialus. Sut punis iste punis est unie verbu sacramentorum : ubi accesserit consecratio, de pane fit caro Christi. Et, pour expliquer l'efficacité des paroles sacramentelles, il prend l'ex< mple de la création : Si innlu vis est in sermone lit mini Jesu ut inciperent esse qiw m n n mit, quanto magis operalorius est ut sint quse étant et m atiud et wn:uteniur. Et la même efficacité se révèle par rapport au vin : Ante verba Christi calix est vini et uquie plenus : ubi verbu Christi operata juerinl, ibi snnyuis Christi rflicitur. qui plebem redemit. L. IV, n. 14- 16, 19, 23; Cf. 25; 1. VI, n. 2-4. P. /... t. xvi, col. 459 sq., 462 A, 463 B, 40-1 A, 473 sq. Outre l'efficacité dans la conversion au corps et au sang du Christ, il y a encore l'efficacité sanctifiante de l'eucharistie. C'est ce fine l'évêque de Milan veut exprimer en affirmant que le corps de Jésus-Christ dans l'eucharistie est un eorps spirituel, c'est-à-dire une nourriture spirituelle, la nourriture que peat donner le Verbe qui est esprit. De mysteriis, n. 58, P. L., t. xvi, col. 42G B. Aussi l'auteur du De saeramentis, îecommande-t-il la communion fréquente, voire quotidienne : Accipe quotidie quod quotidie tibi prosit. Sic vive, ut quotidie merearis accipi re. L. V, n. 25, t. xvi. col. 471 C. Il blâme les Grecs qui ne communient qu'une fois l'an. ld.. ibid. Cette communion exige des dispositions de la part
  • 49.
    du chrétien, toutau moins une conscience pure. La communion sacrilège encourt une condamnation divine. Cf. Zenon. Tract., 1. L xv, n. 6, P. L.. t. xi, col. 566; S. Ambroise, De psenilenlia, 1. II, n. 87, t. xvi. col. 539 AB; l'Ambrosiaster, In episl. D"1 ad Cor., xi, 27-29, t. xvu, col. 25G CD. Bien reçue, l'eucharistie produit dans l'âme des fruits précieux. Le premier et le plus grand est de nous faire entrei par la chair du Christ en participation de s:l divinité : quia idem Dominus nosler Jésus Christus consors esl et divinitatis et corporis; et tu. qui accipis carnem, divine ejus substuntin- m illo participaris alimente De saeramentis, 1. VI, n. I. /'. I. . t. xvi, col. 17.". A: cf. S. Hilaire, De Trinitate, 1. VIII, n. 13 II. P. L., t. x, col. 246-247. Cette participation à la divinité du Sauveur nous communique la vie, la vie surnaturelle. la vie éternelle, la rémission des péchés, le pouvoir de produire des œuvres de salut e. de nous combler de joie céleste. Cf. S. Hilaire, In ps. CXXVIl, n. 6, P. L.,t. ix, cal. 706 B; S. Ambroise, De benediclionibus patriureliurum. n. :;'.'. P. £., t. XIV, col. 720 A; In lue., 1. X, n. 49, t. xv, col. [908 C: et l'auteur 'lu De saeramentis, 1. V, n. 11 17, I. xvi. col. 468 169. Les autres sacrements, pas plus au iv> siècle qu'aux époques précédentes, ne se prêtent, sous la plume des écrivains eccli m; stiques, à des considérations sur leur symbolisme. Du moins leur efficacité est-elle attestée, avec la même loree. Saiul Patien affirme, dans l'Église, le pouvoir de pardonner les péchés, «a- pouvoir apparticnl aux eveques. qui mil reçu le droit de lier ci de délier. Epist., III, n. 12; cf. Dpist.. i. 5. C. non pas qu'ils le fassent par leur propre vertu, mais parce qu'ils il au nom de Dieu : Solus hoc, inquics. liens poterit. Verum est. si il et quod ;>er sacerdotes suos jnc.it, ipsius potestas est. Ibid., î, n. 6; m. n. 7. Ce pouvoir n'est pas attaché à Imr sainteté personnelle, mais il découle tout entier ex apostolico jure, i. n. 7, et il est distinct iu pouvoil de remettre les péchés dans le baptême, m. n. il. P. L.. t. xm, col. 1071, 10J .. q., 1057 A. ici >; AD. 1058A, 1070 sq. Bien plus. Pacien établit un parallélisme entre l'action des sacrements de baptême e1 de confirmation et l'action de la discipline péniti ntit lie. Si ergo et lavacri et chrismalis potestas, majorum (et) longe charismatum ad episcopos inde descendit (c'est-à-dire des apôtres), et ligundi qui, que jus adfuii nique solvendi. Epist., i. n. Ci, /'. I... t. xm, col. 1057.
  • 50.
    Voir ici. t.xn, col. 810. Saint Ambroise enseigne pareillement l'efficacité de la pénitence, le pouvoir des prêtres de remettre les péchés, pouvoir tmprunté à Dieu lui-même et dans l'exercice duquel les prêtres ne sont que l'instrument de la Trinité : Eeee quia per Spiritum Sanction fiereata donanlur. Domines autem in remissionem peccalorum minislerium suum exhibent, non jus alicujus potestalis exercent. Neque enim in suo, sed m Pntris et Filii et Spirilus Sancli m mine peccata dimitlunt. De Spirilu Sancto, I. III, n. 137, P. L., t. xvi, col. 842 D. Cf. De pxnilentia, 1. I, n. 7. 36, 37, col. 1X8. 497 CD. 498 A; Inps.ZZXVllJ, n.37, 38, t.xiv, col. 11C7-1108; Inps. i.WHI. si Tin. x. n. 17. P. 1... t. xv, col. 14(lâ; De Cain et Abel, 1. II, n. 15. P. L., t. xiv, col. 368 D. Voir également S. Hilaire, In Malth., c. xvm. n. 8, P. L.. t. ix, col. 1021 B; S. Jérôme, Epist.. xiv, n. 8, P. L., t. xxii, col. 352; In Eeclcsieisten, c. xn, f. 4, P. L., t. xxni, col. 1165; Tractalus in ps. xcv, dans Anccdeiia Maredsolana, m (2), p. 134. Nous n'avons pas ici à considérer les actes de la pénitence, ni les progrès qu'y apporte la discipline du rv« siècle, en Occident. Voir ici t. xn, col. 794 sq. Le seul point qui importe au concept du sacrement est de savoir si la sentence de réconciliation portée par l'Église est simplement déclaratoire au for de Dieu, ou si elle possède une réelle efficacité par rapport à la rémission même des péchés. Voir ici. t. xn, col. 810812. (>n ne peut nier que certains textes, notamment de saint Jérôme, In Malth., xvi, f. 19, P. L.. t. xxvi, col. 118; cf. Diatog. adv. luciferianos, n. 5, t. xxm, col. 167, laisseraient penser à une formule déclaratoire. Voir aussi S. Ambroise. De Spirilu Sancto, 1. III, n. 137, /'. I... t. xvi. col. 842 D-843 A. Mais ces textes peuvent ê1 ie et . a ni Ire avis doivent être — -interprétés dans le sens d'un pouvoir ministériel, instrumental, excluant . en ce qui concerne le premier texte de Jérôme, le pouvoir île juger arbitrairement, de lier l'innocent cl de (li lu r le coupable. Les lextes de saint l'acien, de saint Ambroise et du De saeramentis sont assez nets pour nous donner l'idée d'un véritable pouvoir de remettre les péchés, mais d'un pouvoir communiqué par Dieu à l'homme, son instrument. Pour la première fois, apparaît une- mention de l'extrême-onction, dans la lettre xxv d'Innocent I" . Décentius, n. 11, P. L., t. xx, col. 559 sq. Pour l'exégèse de cette lettre, en ce qui concerne l'extrême-onction,
  • 51.
    voir ce mot,t. v, col. 1952 sq. Deux points importent ici. Innocent reconnaît l'extrême onction comme l'un des sacrements : elle doit être nlusée' aux pénitents, qui bus reliqua sacramenlu negantur. De plus, il lui reconnaît, sans l'expliquer positivement, un certain effet par rapport au malade, sans exclure, s'il y a lieu, la rémission même des péchés. Sans doute, le mot siierunienlu encore ici le sens qu'il aura plus tard, mais il désigne a coup sur une opérai ion sanctifiante pour
  • 52.
    Welcome to ourwebsite – the ideal destination for book lovers and knowledge seekers. With a mission to inspire endlessly, we offer a vast collection of books, ranging from classic literary works to specialized publications, self-development books, and children's literature. Each book is a new journey of discovery, expanding knowledge and enriching the soul of the reade Our website is not just a platform for buying books, but a bridge connecting readers to the timeless values of culture and wisdom. With an elegant, user-friendly interface and an intelligent search system, we are committed to providing a quick and convenient shopping experience. Additionally, our special promotions and home delivery services ensure that you save time and fully enjoy the joy of reading. Let us accompany you on the journey of exploring knowledge and personal growth! ebookfinal.com