This site is brought to you by the Electrical and Computer Engineering department

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

The University's Executive Compliance Committee (ECC) has made a policy change that requires all commodity servers to be physically or virtually located in the University Data Center.  Such a change helps to address a number of risks that the committee has been monitoring over the years.  Note: The policy change has been published, but it will not be made effective until September 01, 2014.

More details on the policy change can be found at: http://security.utexas.edu/policies/irusp.html#section_5_23_3

Commodity servers are defined as systems providing basic information technology services to university affiliates (e.g., web services, mail services, file services, database services, directory services, collaboration services).  

There were roughly 600 commodity servers identified as having high-volume activity that were located outside of the University Data Center. The ECC has asked the Information Security Office to work with each affected unit on the final disposition of each server.

 

  • Collaboration Services
  • Database Services (MySQL)
  • Directory Services
  • File Services (Storage)
  • Mail Services
  • Web Services

 

Collaboration Services

University Wiki Service

UTBox

Exception Process

https://security.utexas.edu/exception/

You should consider structuring your exceptions around the following:
http://security.utexas.edu/policies/irusp.html#section_5_19

  • business case for exception
  • physical controls for exception
  • logical controls for exception

What is meant by logical controls?

According to the Information Security Office (ISO), logical security controls would consist of implementing permissions, logging, and auditing mechanisms for access to unattended systems.  For example, physical access of the "server room" should have an Access Control System in place to track who has access to a particular area, and logs when an individual has entered the controlled area.

 

University Affiliates

University affiliates are individuals who have relationships with The University of Texas at Austin outside of traditional employment. The incumbent can be paid or unpaid, and may have a university affiliate assignment in addition to other assignments at the university. They may be individuals who need access to university services, such as laboratories or parking privileges, and prior to HRMS, received these accesses through 0% appointments or through Official Visitor letters. Not all university affiliates require access to university services; designating the most appropriate level of privileges determines eligibility and access to services for all incumbents assigned to a position.

University Affiliate Types

University Affiliate Assignment Requirements

 

  • No labels

Confluence Documentation | Web Privacy Policy | Web Accessibility