Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Every university affiliated member (faculty, staff, student, grant-funded positions, visitors, etc) is required to read and abide by the University’s Acceptable Use Policies.  The Office of Information Security and the Internal Audits work closely to ensure compliance is being kept. Regular departmental audits from both teams occur and results are shared with the department’s corresponding Office of Information Technology. CNS IT works to implement these required security settings and configurations across all managed/supported devices.  Specific policies can be found in the Information Resources and Security Policies site. 

  • Hardening Checklists for those looking to manage and maintain their systems can be found here: Hardening Checklists
  • CNS IT has no authorization to offer policy exceptions for any systems.  If  If you feel your system should be exempt from any policy/security requirements, please submit an exception so the Information Security Office may get the request and determine exemption status.   https://forms.security.utexas.edu/misc/exception
    • If an exception is given, please forward the notice to CNS IT via email help@cns.utexas.edu so that we may have it on record.


CNS Department of IT - User Services

(Help Desk and Desktop Support)

SERVICES

OIT Managed System

Self Managed

User’s Options?

OS Installation

Latest Windows OS

Latest Mac OS

OIT Fully Supported and Maintained

Device Admin must have a Supported OS on device (Cannot be older than 3 versions). 

Local System Admin agrees to manage application, OS updates, and upgrades.

All security patches must be installed on device at any given time. Unsupported OS will be quarantined by campus Information Security Office. CNS OIT can assist with the upgrade/updates on research computers. Personal computers  (staff-funded devices) are the sole responsibility of the staff member.

Hardware Repair

Full Assessment and Remediation

CNS OIT provides best effort for Dells Optiplex/Latitude line


, Apple line.

Others

Other models or legacy systems are limited best effort.

CNSOIT runs diagnostics on hardware:
If hardware fails, device admin

/dept

or department is responsible for purchasing hardware.
If hardware issue is the hard drive,

CNSOIT Do

CNS OIT images and Device Admin/User configures and/or restores from their backup.

Software Support

Reinstall only

Full Assessment and Remediation

CNS OIT assists with reinstall ONLY. Configuration is responsibility of device admin.

CNS OIT not provide Application configuration support, only reinstalls. Device Admin/Staff is responsible for supplying software and licenses.

Administrative Access

IT admin access
Fully Monitored

User assigned to System

CNSOIT

must monitor admin access to device

CNS OIT retains admin access to computer to assist with best effort troubleshooting. Admin/Staff retains admin access to manage computer updates/upgrades/compliance. Password Policies

Software Updates

Macs: Alerts with guidance from CNS IT

Windows: Scheduled push from Central IT

Non-standard apps:

Users are responsible for maintaining these apps by regularly installing security updates

User responsibility

Admin

Device admin is responsible for all critical updates.

ISO

Information Security Office will quarantine if critical updates are missing. Un-quarantine procedure

includes admin scanning

requires local admin scan/eliminate for viruses/malware and running updates.

Admin

Local admin alerts CNSOIT through quarantine ticket of remediated/cleaned/updated

box

system. CNSOIT removes quarantine after verification.

Antivirus

Managed by Central IT

User responsibility

Admin

Device admin responsible for all antivirus updates. ISO will quarantine if the machine is infected. Un-quarantine procedure includes admin scanning for viruses and running updates. Admin alerts CNSOIT of cleaned/updated box. CNSOIT removes quarantine.

Data Backup

System Managed by Central IT but user must verify backup is regularly taking place. Email alerts are sent to user if there is a failed backup.

User responsibility

Admin

Device admin responsible for backing up data using UTBackup (crash plan) or 3rd party service with encrypted external volume. Admin responsible for file restores from these backups.

CNSOIT

CNS OIT responsible for re-imaging if OS damaged and Admin responsible for data/software restore.

Data RetentionUser ResponsibilityUser responsibilityBased on data classification standards, users must identify such data and apply data retention schedules against it.

Data Recovery

CNS OIT sets up Crashplan as a system backup. Recovery efforts utilize this service.

Best Effort

CNSOIT runs diagnostic and data recovery (if possible). If unrecoverable, alternative option lies with third-party and admin/dept assumes financial responsibility for using service.

Encryption

Managed at the Central IT level

User responsibility

Admin responsible for complying with ISO requirements for data encryption. All machines on the network must be encrypted. Admin responsible for supplying inventory of encrypted machines and encryption key management. https://security.utexas.edu/policies/encryption

**Inventory

CNS OIT. User is required to answer any questions related to the system and the data it stores.

User responsibility

Admin responsible for maintaining an inventory of all equipment under their administration. Periodic inventory audits will require that they identify all machines noted in the audit.

Network Quarantines due to viruses

CNS OIT provides full support for managed machines.

CNS IT handles case via a format/OS reinstall

minus Absolute Manage User

.  User handles data recovery and other software installs.

Device Admin scans for viruses and running updates. Device Admin alerts

CNSOIT

CNS OIT of cleaned/updated box.

CNSOIT

CNS OIT removes quarantine. If the system is quarantined more than once during a semester, the quarantine will only be lifted after

CNSOIT

CNS OIT re- images the system and the Admin restores cleaned files/software from backup.

...


NOTE: By default, users are set as standard users on their systems.  A local CNSOIT management account is set as admin to allow the support tools to interact with the client machine.  If there is a business case for having administrative access (provided that you have read and understood the Administrative Responsibility Matrix), an exception must be filed with the UT Information Security Office.  Once approved, the administrative account will be supplied and the customer will be responsible for using it only to escalate privileges to perform certain tasks on the device.  IT IS NOT to be used to log in regularly as a regular account to perform daily activities like email or web browsing. IT IS NOT to be used to escalate any standard account to admin account or any admin account to standard account.  This must be performed only by the CNS IT group once an exception for the change has been granted.  IT IS NOT to be used to remove management or administrative tools installed by CNS IT.  Such actions will be reported to the CNS Executive Director of IT and could be escalated to the UT Information Security Office for further disciplinary action.


Related articles

Filter by label (Content by label)
showLabelsfalse
max5
spacescnsoitpublic
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = "kb-how-to-article" and type = "page" and space = "cnsoitpublic"
labelskb-how-to-article

Page Properties
hiddentrue


 
Related issues