Keeping IT Secure
Ensuring the safety and security of campus IT resources is an on-going, high-priority concern. To that end, Brad Englert, Chief Information Officer (CIO), has directed all Information Technology Services (ITS) directors to account for each of the servers and services they manage. Such accountability helps prevent security incidents that can compromise critical assets and impede forward progress of the University.
Specifically, directors must verify that all servers and services in their area of responsibility are being managed effectively. This includes:
- Updates, patches, and back-ups occurring in a timely manner
- Central resources being leveraged where ever possible
- Lead and alternate system administrators assigned and cross trained
- Managers routinely verifying the status of the servers and services they manage
The Core group in ITS Systems is responsible for managing ITS servers centrally, supporting the goal to reduce the number of stand-alone systems that can jeopardize campus IT assets. As technology permits, the goal is to have all ITS servers virtualized; great strides towards this goal have been accomplished the past year.
While there are exceptions to this approach, such as specialized “appliances” or other unique devices, all directors must ensure that these exceptions are pre-approved by the Information Security Office (ISO). The ISO has an Exception Reporting tool. Please feel free to contact the ISO, For those with questions about submitting an exception, please feel free to contact the ISO directly.
As a reminder, administrators and supervisors who have ISO exceptions on file to manage servers themselves must comply with ISO and ITS policies, or this exception will be revoked. All ITS servers--whether managed centrally by the ITS Systems Core team or not--must be properly configured, updated, backed-up and managed in order to significantly reduce the risk of a system breach or data disclosure. All supervisors need to be aware of their accountability to the CIO and the campus community with respect to these responsibilities.