This site is brought to you by the Electrical and Computer Engineering department

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

  • Collaboration Services
  • Database Services (MySQL)
  • Directory Services
  • File Services (Storage)
  • Mail Services
  • Web Services

The University's Executive Compliance Committee (ECC) has made a policy change that requires all commodity servers to be physically or virtually located in the University Data Center.  Such a change helps to address a number of risks that the committee has been monitoring over the years.  Note: The policy change has been published, but it will not be made effective until September 01, 2014.

 

Commodity servers are defined as systems providing basic information technology services to university affiliates (e.g., web services, mail services, file services, database services, directory services, collaboration services).  

There were roughly 600 commodity servers identified as having high-volume activity that were located outside of the University Data Center. The ECC has asked the Information Security Office to work with each affected unit on the final disposition of each server.

Exception Process

https://security.utexas.edu/exception/

You should consider structuring your exceptions around the following:
http://security.utexas.edu/policies/irusp.html#section_5_19

  • business case for exception
  • physical controls for exception
  • logical controls for exception

What is meant by logical controls?

5.18.5. Unattended computing devices must be secured from unauthorized access. Physical security options include barriers such as locked doors or security cables. Logical security options include screen saver passwords and automatic session time-outs.

which would apply to both systems (5.18.5) and to physical access of the room itself via authentication mechanism (e.g. BACs).  Whatever system is in place would probably have to comply with permissions, logging/auditing.

 


 

  • No labels

Confluence Documentation | Web Privacy Policy | Web Accessibility