Administrative Procedures Manual. Office of Information Technology Services Cape Fear Community College October 23, 2015
Introduction

Cape Fear Community College has adopted the IT Standards published [1] by the North Carolina Community College Institutional Information Processing System (IIPS) users group. Those standards, in turn, fall under the NC Department of IT's Statewide Information Security Manual [2]. In this document, where CFCC follows the standard, only that is noted. When there is a change from the standard, additional information is provided.

[1] IIPS Standard published online at <
[2] Security Manual available online at <

Chapter 1 Classifying Data and Legal Requirements

1.1 Classifying and Storing Information

1.2 Complying with Legal Obligations

Chapter 2 Securing the End User

2.1 Controlling Access to Information and Systems

Managing Access Control Standards (See Standard )

Managing User Access (See Standard )

Requesting and Granting User Access

The process to create network user accounts has been automated. Basic network access is automatically assigned and removed based on the HR position information entered in Colleague.

User Names

User names are automatically generated by the Colleague process that creates user accounts in Active Directory. The standard is for the user name to be made up of the first initial, middle initial, last name, last 3 digits of the Colleague PERSON ID, and a sequential digit in the case of a duplicate user name.

Colleague (ERP system)

User access to the Colleague system must be requested by an employee's supervisor. The Colleague Access Form must be filled out and signed by the employee, the employee's supervisor, and the Vice President of the employee's division. When the paperwork has been completed, the ERP Administrator will create the OPERS and SVM records that grant access to the system to the employee's user account.

New User Orientation

New employees are required to attend the HR orientation and are given the option to attend an IT-specific orientation offered by the Help Desk.

Colleague (SIS) Training

Training on the SIS system is handled by the individual departments.

Access from Workstations

The Colleague system is accessed through a GUI client that communicates with a dedicated UI server. All traffic to the database server flows through the UI server. Inactive sessions are disconnected after they have been idle for 30 minutes. The type of data a user has access to is restricted by the security classes assigned to the user. The data a user can extract is limited to the screens and reports to which he has access. Transfer of files (ex: FTP) is denied by default and allowed only to users who have a business need.

Access to the Informer report tool is given to all employees. Users are restricted to data based on their role as defined in the Colleague security system.

Additional Access Control

On the Colleague server the system security is managed at the application level in Colleague with the use of security classes that restrict access to mnemonics, office codes that allow access to certain documents in the Communication Management modules, and a few record-level security subroutines that restrict access to individual fields and/or records.

2.1.3 Securing Unattended Work Stations

All employee workstations are configured to activate the screen saver after 15 minutes of inactivity. The user is required to re-authenticate to get back on the computer.

Managing Network Access Controls

Default Network Access to Colleague

All services on the Colleague servers are blocked by the local firewall. Only required services are opened to the network:

1. DMI Listeners - required for Colleague access through UI, WebAdvisor, SelfService, and Mobile
2. UniRPC - required for reporting by Informer
3. SSH - System Administrators have secure shell access to perform privileged duties in an encrypted environment

NOTE: Users do not access the Colleague server directly, but instead connect to the UI server, which passes the traffic back to the Colleague server.

Controlling Access to Operating System Software

System Administrators

General system administration at the operating system level is accomplished through the sudo tool. It allows access to operating system tools through a set of access control lists (ACLs) and logs every use of those tools. The root account is used only by the ERP System Administrator and the Assistant ERP System Administrator.

Managing Passwords (See Standard )

Passwords

Passwords follow the Active Directory standards: eight characters long or more, and must contain at least one upper case and one lower case letter, and one number and/or a special character. Passwords cannot contain any part of a user's name. Passwords should not be something that is easily guessed (ex. children's names, spouse's name, pets). Passwords will expire every 90 days. Passwords must not be shared with anyone, and if written down, must be kept in a secure place (ex. wallet or purse) and must not be left on the desk or posted on the monitor.

Non-expiring Passwords for Service Accounts

RISK ACCEPTED: Because certain remote systems need to be able to log into the Colleague server and the passwords have to be encoded in the remote server (and in the case of the DMI and EPL users are used to encrypt the keystore files), these non-user accounts have passwords that never expire, until such a time as a mechanism can be developed to reliably update all the passwords in a timely manner to avoid interrupting the service.

Accounts affected:

matrix - for the nightly matrix index download
epladmin - E-Procurement entity client user
dmiadmin - Datatel DMI process user
ezadmin - Easy Spooler administrator login

Monitoring System Access and Use

2.1.8 Controlling Remote User Access (See Standard )

Access from the Network

Outside access to the server VLANs is blocked by a firewall. Access Control Lists allow connections from college-owned computers connected to the employee VLANs.

Remote Access through VPN

Access to the Colleague system from VPN is controlled by the VPN-COLLEAGUE user group in Active Directory. Supervisor permission through a KBox ticket is required before a user is added to the group.

Contracting with External Suppliers/Other Service Providers

Third parties, including vendors, suppliers, contractors, and consultants, are required to follow the college's IT security policies. Access is granted only when required for performing work, and with the full knowledge and prior approval of the information asset owner. Access shall be removed when the contract or service is complete.

2.2 Personnel Information Security Responsibilities

2.3 Training and Awareness

Chapter 3 Securing the Network

3.1 Networks

3.2 System Operation and Administration

3.3 and Internet Communication

3.4 Telephones and Faxes

3.5 Securing Data

3.6 E-Commerce Issues

3.7 Wireless Networks

Wireless Networks

Wireless access points (APs) are segmented from the college's internal wired local area network (LAN). Additionally, guest wireless access is segmented from student and employee wireless access.

Secure Wireless

CFCC's wireless network uses the secure 802.1X protocol to authenticate, encrypt and segment different kinds of traffic. Employees of the college who are authenticated by the wireless controllers are granted secure access to the internal VLANs.

Chapter 4 Securing Systems

4.1 Purchasing and Installing Software

4.2 Software Maintenance, Upgrade, and Disposal

Technical Vulnerability Management

Applying Patches to Software (See Standard )

Loading Colleague Patches

Colleague software updates will often need to be loaded once a week. The software updates are released by the System Office in Raleigh after they have gone through their testing procedures. Software updates shall be loaded in the Test environment when they are first released, and the users responsible for testing will be notified of what software updates have been loaded and given the documentation that accompanied the software updates. Software updates should be tested for at least one week before being loaded in the Production environment. User approval in the form of a comment on the KBox ticket related to the software update must be received before loading any update.

Upgrading Software

Supporting Application Software

Operating System Software Upgrades (See Standard )

Solaris Patches on the Colleague Server

Patches are loaded once a quarter on the Colleague server with the Recommended Patch cluster. The system office sends out an e-mail message to coordinate all the community colleges in downloading the same dated patch cluster. Then, once it has been tested on the system office server, they will send out a second message stating that the patch cluster is okay to load. At that point a time to load the cluster on the Colleague server is scheduled.

Support for Operating Systems

Recording and Reporting Software Faults

4.2.8 Disposing of Software

4.3 Controlling Software Code

4.4 Software and System Development

4.5 Software and Systems Operations

Managing System Operations and System Administration

Log-on Procedures

System Utilities

Data Validation Controls

Data Recovery Controls

Corruption of Data

Monitoring Error Logs (See Standard )

System Auditing

Log files are created by the system at the OS level and reviewed daily by the System Administrators. The basic log files (/var/adm/messages, /var/adm/syslog, /var/adm/lastlog) are automatically filtered and archived daily to be kept for a year. Additional log files (/var/adm/authlog, /var/adm/maillog) are filtered and mailed to the system administrators for inspection, but an archived copy is not kept. The Colleague application creates a log of each batch process that is run on the system that can be viewed by UTRR. While not checked on a regular basis, these can be a useful tool to find out when a process was executed and by whom.

Scheduling System Operations (See Standard )

Weekly System Maintenance Schedule

A weekly maintenance period is scheduled from 5:30 AM to 7:00 AM every Thursday morning, except for when the business schedule requires the system to be available (Ex: during registration, year-end processing, etc.).

4.5.9 Monitoring Operational Audit Logs

Responding to System Faults

4.6 Testing & Training

4.7 Web Site Development and Maintenance

4.8 Purchasing and Installing Hardware

4.9 Cabling, UPS, Printers and Modems

4.10 Using Portable Computing and Storage Devices

4.11 Other Hardware Issues

4.12 Data Management

Managing Data Storage

Managing Databases (See Standard )

Colleague: Database Maintenance

Weekly file maintenance is necessary for the UniData database files used by the Colleague system. Every night the WEEKLY.UDT.FILE.ANALYSIS (WUFA) process runs to calculate the new blocksize and modulo for each file and creates a DATATEL.RESIZE.FILES paragraph. Once a week the DATATEL.RESIZE.FILES paragraph should be run to resize the files.

Managing Folders/Directories (See Standard )

File and Directory Permissions

Colleague Server

The default umask on the Colleague server is 07 for users and 0022 for root, which means files normally are created as 770 by users and 755 by root. Since all users on the system are in the group "users", it means that every user on the system can read and modify files created by other users. Files created by root can only be modified by root, but can be read and executed by anyone.

RISK ACCEPTED: the Ellucian Colleague software requires that all users be able to modify database-related files at the operating system level. Application level security restricts what users can have access to (see security in section ).

Unidata

The UniData catalog (currently /usr/ud73/sys/ctlg) that holds global subroutines and other program code is set up with world-writable permissions on every subdirectory.

UPDATE ( ): the permissions and ownership of these files have been changed to remove the world write access, but this must be applied each time a new version of UniData is installed.

Easy Spooler

The following files in /var/spool/lps/adm have world write access.

-rw-rw-rw- 1 root root Aug 1 10:57 ./adm/queue
-rw-rw-rw- 1 root root Aug 1 10:57 ./adm/pctl
-rw-rw-rw- 1 root root Aug 1 06:36 ./adm/rclog
-rw-rw-rw- 1 root root Aug 1 06:30 ./adm/queue.old
-rw-rw-rw- 1 root root Aug 1 05:45 ./adm/pctl.old
-rw-rw-rw- 1 root root Jul 28 15:58 ./adm/oldrclog
-rw-rw-rw- 1 root other 2482 Mar 6 10:33 ./adm/ezpref_root.ezr

RISK ACCEPTED: These files will be left alone until the impact of changing the permissions can be established.

Sharing Data on Software and Information Systems

Updating Student and Business Information

4.13 Backup, Recovery and Archiving

Backup and Recovery of Systems (See Standard )

System Backup

Backup Schedules

There are three different backup schedules on the Colleague server and each schedule has a specific frequency and retention rate.

Hourly Snapshot - retained for 24 hours
Daily Incremental Backup - retained for 1 week
Weekly Full Backup - retained for 1 year

Hourly

All data files are kept on a dedicated Storage Area Network (SAN). The SAN management software creates a disk-level snapshot every hour that can be used to recover files from deletion or other soft errors. The snapshot is then replicated to the SAN at the North Campus Data Center where it is available for recovery from a hardware failure or other hard error.

Daily Incremental

The daily backup is performed by the Unitrends appliance and uses its own agent to create a file-level backup of the server OS and data.

Weekly Full

The weekly backup is also performed by the Unitrends appliance and is scheduled to run on Sunday.

Data Recovery

Restore from the Backup Appliance

Files are restored from back-up through the Unitrends Management Interface ( When restoring single files it is best practice to choose to restore them to a different location and then copy the files back to the original location once the contents have been verified. When restoring to the production environment, the data owner must verify that the data has been restored correctly before resuming production activity.

Restore From SAN

There are two methods one can use to restore data from the SAN. The first is to copy individual files from a local snapshot, and the second is to roll back to a known good snapshot on the SAN (warning: a rollback is permanent).

Backing Up Data on Portable Computers

4.14 Using Outsourced Processing and Third Party Services
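
The File and Directory Permissions section above describes two things that can be checked mechanically: what the 07 and 0022 umasks grant to newly created entries, and the world-writable UniData catalog whose fix has to be reapplied after every UniData install. The script below is an added example, not part of the CFCC manual or its tooling; the function names are hypothetical and the directory tree it builds is a constructed sample.

```shell
#!/bin/sh
# Added example: umask arithmetic plus a world-writable audit and fix.
# Function names are hypothetical; the sample tree is constructed.

# Print the modes a umask yields. Ordinary files are requested with 0666
# and directories with 0777; the umask bits are cleared from the request.
created_modes() (
    mask=$1
    case $mask in
        ''|*[!0-7]*) echo "not an octal umask: $mask" >&2; exit 1 ;;
    esac
    file=$(printf '%o' $(( 0666 & ~0$mask )))
    dir=$(printf '%o' $(( 0777 & ~0$mask )))
    echo "file=$file dir=$dir"
)

# List regular files and directories under $1 with the other-write bit set.
# Symbolic links are skipped: their own mode bits are not meaningful.
list_world_writable() (
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
)

# Clear other-write on every entry list_world_writable reports and print
# how many entries were changed. Intended to be re-run after an install
# that resets permissions.
remove_world_write() (
    count=$(list_world_writable "$1" | wc -l | tr -d ' ')
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    echo "$count"
)

# Build a constructed stand-in for a catalog tree: three world-writable
# directories, two world-writable files and one file that is already fine.
build_sample_tree() (
    root=$1
    mkdir -p "$root/ctlg/a" "$root/ctlg/b"
    : > "$root/ctlg/a/SUBR.ONE"
    : > "$root/ctlg/b/SUBR.TWO"
    : > "$root/ctlg/README"
    chmod 777 "$root/ctlg" "$root/ctlg/a" "$root/ctlg/b"
    chmod 666 "$root/ctlg/a/SUBR.ONE" "$root/ctlg/b/SUBR.TWO"
    chmod 644 "$root/ctlg/README"
)

# Demonstration on the constructed tree only.
demo_root=$(mktemp -d)
build_sample_tree "$demo_root"
echo "umask 07:   $(created_modes 07)"
echo "umask 0022: $(created_modes 0022)"
echo "world-writable before:"
list_world_writable "$demo_root"
echo "entries changed: $(remove_world_write "$demo_root")"
echo "world-writable after: $(list_world_writable "$demo_root" | wc -l | tr -d ' ')"
rm -rf "$demo_root"
```

The 770 and 755 figures apply to directories and to files created with execute permission requested; an ordinary file requested with 0666 comes out as 660 or 644.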

Chapter 5 Physical Security

5.1 Premises Security

5.2 Other Premises Issues

Chapter 6 Cyber Security Incident Response

6.1 Combating Cyber Crime

6.2 Reporting Information Security Incidents

Chapter 7 Business Continuity and Risk Management

7.1 Business Continuity Management

7.2 Information Technology Risk Management Program

Appendix A Revisions

[2015] October 23 - Jakim Friant - Reformatted the document to follow the headings from the latest IIPS IT Standards. Updated the section on Colleague backups. Added the information about secure wireless.

[2015] October 20 - Jakim Friant - Updated the document for SACS. Removed all references to the legacy (IIPS) system. Updated the Colleague information to reflect the changes to the software (Release 18), SAN, and Backups. Removed outdated information about automatic and manual processes.

[2007] May 8 - Jakim Friant - Updated the link to IT forms in section Link. In section Link, added a short description of Default Access, and added udssltelnet to the list of default access ports. Updated the script name in section Link. Changed the title from Information System Analyst to Colleague System Administrator in section Link. Added Informer to the list of data extraction tools in section Link. Changed "You" to "One" in the update paragraph in section Link. Added two sections (Link and Link) about backing up to and restoring from the new IPStor SAN.

[2006] August 1 - Jakim Friant - Added a new list of world-writable files that are used by Easy Spooler and updated the notes about UniData to reflect the changes in permissions in section Link.

[2006] May 8 - Jakim Friant - Added a note about the online resources (knowledge base, etc) with the URL.

[2006] March 28 - Jakim Friant - Added information about the way the syslog is configured in section Link. Added note on UniData directory permissions in section Link.

[2006] March 27 - Jakim Friant - Updated user creation guidelines and added links to the Colleague form in section Link. Updated the section on automated processes to reflect the fact that these have moved from IIPS to Colleague. Added notes about the log filter script in section Link. Added appendices on cron schedules and firewall ports. Removed the section on patch removal since it is duplicated in the knowledge base.

[2006] March 16 - Jakim Friant - Began converting layout to match the IT Standards released by the System Office.

[2006] Jan Jakim Friant - Added additional information about restoring from back-up tapes. Added information about system accounts that have passwords which do not expire. Updated section Link with current guidelines on creating user accounts. Added guidelines to review log files (section Link), on the securing of terminals that transmit and receive data (section Link), and notes about Datatel's transaction logging (section Link).

[2006] Jan Jakim Friant - Added information about /etc/gateways on Solaris servers in section Link. Added section Link covering user access to system data. Removed Part 5 about common solutions since it was out-dated.

[2005] Sept Jakim Friant - Renamed section Link. Updated section Link to include SSH access. Content under Security changed to a subsection labeled additional access control, and the password subsection moved under security. Added section Link on system auditing and log files.
More informationUCOP ITS Systemwide CISO Office Systemwide IT Policy. UC Event Logging Standard. Revision History. Date: By: Contact Information: Description:
UCOP ITS Systemwide CISO Office Systemwide IT Policy UC Event Logging Standard Revision History Date: By: Contact Information: Description: 05/02/18 Robert Smith robert.smith@ucop.edu Approved by the CISOs
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationCalifornia State Polytechnic University, Pomona. Server and Network Security Standard and Guidelines
California State Polytechnic University, Pomona Server and Network Security Standard and Guidelines Version 1.7 April 4, 2008 Table of Contents OVERVIEW...3 AUDIENCE...3 MINIMUM NETWORK AND SERVER SECURITY
More informationTrust Services Principles and Criteria
Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access
More informationeprost System Policies & Procedures
eprost System Policies & Procedures Initial Approval Date: 12/07/2010 Revision Date: 02/25/2011 Introduction eprost [ Electronic Protocol Submission and Tracking ] is the Human Subject Research Office's
More informationIBM Tivoli Storage Manager Version Introduction to Data Protection Solutions IBM
IBM Tivoli Storage Manager Version 7.1.6 Introduction to Data Protection Solutions IBM IBM Tivoli Storage Manager Version 7.1.6 Introduction to Data Protection Solutions IBM Note: Before you use this
More informationISSP Network Security Plan
ISSP-000 - Network Security Plan 1 CONTENTS 2 INTRODUCTION (Purpose and Intent)... 1 3 SCOPE... 2 4 STANDARD PROVISIONS... 2 5 STATEMENT OF PROCEDURES... 3 5.1 Network Control... 3 5.2 DHCP Services...
More informationServer Security Procedure
Server Security Procedure Reference No. xx Revision No. 1 Relevant ISO Control No. 11.7.1 Issue Date: January 23, 2012 Revision Date: January 23, 2012 Approved by: Title: Ted Harvey Director, Technology
More informationRich Powell Director, CIP Compliance JEA
Rich Powell Director, CIP Compliance JEA Review access control requirements CIP-003 and CIP-007 Discuss compliance considerations Implementation Strategies Hints/Tips for audit presentation Account Control
More informationPOLICY 8200 NETWORK SECURITY
POLICY 8200 NETWORK SECURITY Policy Category: Information Technology Area of Administrative Responsibility: Information Technology Services Board of Trustees Approval Date: April 17, 2018 Effective Date:
More informationLakeshore Technical College Official Policy
Policy Title Original Adoption Date Policy Number Information Security 05/12/2015 IT-720 Responsible College Division/Department Responsible College Manager Title Information Technology Services Director
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationService Description: Cisco Technical Services Advantage (Releases 1.0 through 2.3)
Page 1 of 8 Service Description: Cisco Technical Services Advantage (Releases 1.0 through 2.3) This document describes Cisco Technical Services Advantage support services. Related Documents: This document
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: St. Thomas University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationVeeam Agent for Microsoft Windows
Veeam Agent for Microsoft Windows Version 2.1 User Guide December, 2017 2017 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication
More informationIT Services IT LOGGING POLICY
IT LOGGING POLICY UoW IT Logging Policy -Restricted- 1 Contents 1. Overview... 3 2. Purpose... 3 3. Scope... 3 4. General Requirements... 3 5. Activities to be logged... 4 6. Formatting, Transmission and
More informationCloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017
Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationIdentity Firewall. About the Identity Firewall
This chapter describes how to configure the ASA for the. About the, on page 1 Guidelines for the, on page 7 Prerequisites for the, on page 9 Configure the, on page 10 Monitoring the, on page 16 History
More informationVeeam Endpoint Backup
Veeam Endpoint Backup Version 1.5 User Guide March, 2016 2016 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication may be reproduced,
More informationDRAFT 2012 UC Davis Cyber-Safety Survey
DRAFT 2012 UC Davis Cyber-Safety Survey UNIT INFORMATION Enter the following information. Person completing report Email Phone Unit (include sub-unit information, if appropriate) College/School/Office
More informationWindows Server Security Best Practices
University Information Technology Services Windows Server Security Best Practices Page 1 of 13 Initial Document Created by: 2009 Windows Server Security Best Practices Committee Document Creation Date:
More informationRecords Information Management
Information Systems Sciences Records Information Management Region V Spring Conference March 26, 2015 Was I supposed to keep that 1 Where did we store that 2 Space Issues. Need storage space for a classroom
More informationComputerized Central Records System
POLICY 111.2 Computerized Central Records System REVISED: 02/07, 09/11, 07/17 RELATED POLICIES: CFA STANDARDS: 34.13 REVIEWED: AS NEEDED A. PURPOSE The purpose of this policy is to establish procedures
More informationUser Guide. Version R95. English
Cloud Backup User Guide Version R95 English September 11, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS
More informationWireless Security Access Policy and Agreement
Wireless Security Access Policy and Agreement Purpose The purpose of this policy is to define standards, procedures, and restrictions for connecting to Fort Valley State University s internal network(s)
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Interim Director
More informationEkran System v Program Overview
Ekran System v. 5.1 Program Overview Contents About the Program Ekran Server & Management Tool Database Management Licensing Client Installation Monitoring Parameters Client Protection Advanced User Authentication
More informationChildren s Health System. Remote User Policy
Children s Health System Remote User Policy July 28, 2008 Reason for this Policy This policy defines standards for connecting to the Children s Health System (CHS) network from any remote host. These standards
More informationGDPR Draft: Data Access Control and Password Policy
wea.org.uk GDPR Draft: Data Access Control and Password Policy Version Number Date of Issue Department Owner 1.2 21/01/2018 ICT Mark Latham-Hall Version 1.2 last updated 27/04/2018 Page 1 Contents GDPR
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationSecurity Standards for Information Systems
Security Standards for Information Systems Area: Information Technology Services Number: IT-3610-00 Subject: Information Systems Management Issued: 8/1/2012 Applies To: University Revised: 4/1/2015 Sources:
More informationInterCall Virtual Environments and Webcasting
InterCall Virtual Environments and Webcasting Security, High Availability and Scalability Overview 1. Security 1.1. Policy and Procedures The InterCall VE ( Virtual Environments ) and Webcast Event IT
More informationSouthington Public Schools
3543 POLICY REGARDING RETENTION OF ELECTRONIC RECORDS AND INFORMATION I.POLICY The Board of Education (the Board ) complies with all state and federal regulations regarding the retention, storage and destruction
More informationUT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES
ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary
More informationSample Security Risk Analysis ASP Meaningful Use Core Set Measure 15
Sample Security Risk Analysis ASP Meaningful Use Core Set Measure 15 Risk Analysis with EHR Questions Example Answers/Help: Status What new electronic health information has been introduced into my practice
More informationmacos Security Checklist:
WHITE PAPER macos Security Checklist: implementing the Center for Internet Security Benchmark for macos Recommendations for securing macos The Center for Internet Security (CIS) benchmark for macos is
More informationSecuring the Data Center against
Securing the Data Center against vulnerabilities & Data Protection Agenda Virtual Virtualization Technology How Virtualization affects the Datacenter Security Keys to a Secure Virtualized Deployment and
More informationNortel Enterprise Reporting Quality Monitoring Meta-Model Guide
NN44480-110 Nortel Enterprise Reporting Quality Monitoring Meta-Model Guide Product release 6.5 and 7.0 Standard 01.03 November 2009 Nortel Enterprise Reporting Quality Monitoring Meta-Model Guide Publication
More informationI. PURPOSE III. PROCEDURE
A.R. Number: 2.11 Effective Date: 2/1/2009 Page: 1 of 5 I. PURPOSE This policy outlines the procedures that third party organizations must follow when connecting to the City of Richmond (COR) networks
More informationStandard Req # Requirement D20MX Security Mechanisms D20ME II and Predecessors Security Mechanisms
GE Digital Energy D20MX - NERC - CIP Response Product Bulletin Date: May 6th, 2013 Classification: GE Information NERC Critical Infrastructure Protection Response Overview The purpose of this document
More information