Goal 1: Maintain Security of ITS Enterprise Systems


INFORMATION TECHNOLOGY SERVICES
University Technology Administration, Infrastructure and Support
Open Systems Infrastructure
Calendar Year 2019

Overview

The primary mission of Open Systems Infrastructure is:
- to manage all central enterprise storage, backup, and recovery services for the University
- to provide central file storage services to departments and users
- to provide virtual machine services to University departments
- to provide virtual application services to University departments
- to provide hardware and operating system support for all central Unix and Linux enterprise systems
- to provide web hosting services, mail listserv services, and file transfer services for the University
- to administer the service and system monitoring service for enterprise ITS systems and services
- to support the University's Disaster Recovery systems

Goal 1: Maintain Security of ITS Enterprise Systems

- Continue maintenance information communication for FSU ITS/ERP including regular meetings and documentation.
- Continue regular credentialed Nexpose scans of hosts and work with application teams to mitigate/remedy identified issues, especially those outside of the core operating system (including hosts within the Disaster Recovery arena).
- Complete monthly scans of all RHEL systems and share reports with ISPO.
- Examine additional perspectives on MEAS credentialed scans to identify verified exploitable security issues and CVSS scores from report results.
- Develop a good working knowledge of the Kenna Security tool new to ISPO and contribute to methods of use for IOS assets.

- Develop a good working knowledge of Splunk and how the tool can contribute to troubleshooting security issues.
- Develop a good working knowledge of Insights and how this RHEL tool examines and reports on RHEL security issues.
- Initiate Oracle database specific Nexpose scans of ITS Oracle databases.
- Coordinate with ISPO to perform Personally Identifiable Information (PII) scans for ITS systems.
- In 2019, anticipate regular meetings with ISPO SOC staff and IOS Enterprise Security.
- Continue to assist Middleware in reviewing iHealth results of qkview file evaluation of all F5 instances monthly with MW to identify security issues to be addressed.
- With respect to application security updates, assist application owners in awareness of needed updates.
- Continue working with ITS senior management on firming security goals and prioritization for ITS systems through documentation and recommendations.
- Prepare for cloud security considerations as FSU ITS builds its cloud presence.
- Continue to examine Privileged Access Management (PAM) applications and make a recommendation for FSU ITS/ERP implementation.
- Implement Multi-Factor Authentication (MFA) for remote access to key critical ITS systems and applications.
- Provide communication outreach to FSU Department customers of MEAS systems on post vulnerability scans and remediation follow up similar to FSU Department customers of LEAS systems.
- In 2019, an updated joint Unix/Microsoft presentation is planned for the ITS Managers on ITS Vulnerability Status & Review.
- Continue and complete information gathering and documentation of the Vulnerability Management Process for IOS.
- As Sophos replaces ClamAV as the on-demand anti-virus scanning tool for RHEL systems, perform ClamAV cleanup and removal from those systems.
- Complete conversion from ClamAV to Sophos on existing RHEL6 and RHEL7 hosts including the enabling of on-access file scanning for the RHEL7 hosts.
- Lock down generic/shared shell accounts and require users to login as themselves and then sudo to the shared account.
- Expand existing shell account management system to include review of sudo rules/access.
- Implement automated network security reviews of hosts (iptables/firewalld rules) by moving the management of iptables/firewalld to Ansible.
- Implement regular review and cleanup of network ACL/firewall rules for our systems.
- Perform regular operating system patching quarterly for all of our hosts.
- Adhere to the new ITS Vulnerability Management Program guidelines.
- Incorporate standard security benchmark standards (such as CIS, NIST, or other) into standard RHEL operating system builds.
- Implement a Splunk deployment system to allow for more standardized and efficient central management of Splunk log forwarding.
- Implement more secure, more complex shell account password rules for all of our Linux hosts.
- Migrate existing RHEL system build/customization scripts to Ansible.
- Continue to review Red Hat Insights reports and implement recommended actions to optimize system performance, stability, availability, and security.
- Continue to monitor and maintain compliance with PCI standards for impacted systems.

- Continue to work with the operating system teams to implement Multi-Factor Authentication (MFA) for virtual machine infrastructure.
- Implement automated system hardening, reporting and remediation tools for virtual machines deployed within the ITS enterprise environment, utilizing the capabilities of vROps (vRealize Operations Suite).
- Work with the Information Security and Privacy Office to implement policies and procedures in regard to the protection and use of data stored within enterprise systems. This includes adhering to the new ITS Vulnerability Management Program guidelines.

Goal 2: Ensure Operational Stability, Reliability, and Performance for ITS Enterprise Systems

- Continue rebuilding RHEL6 systems on RHEL7 in preparation for RHEL6 End of Life in 2020.
- Continue to create Splunk dashboards and reports to improve system monitoring and alerts for performance and security.
- Work with application owners to implement automated stop/start of applications when a server is booted or shut down. This allows for more streamlined patching processes and more resilient hosts/services.
- Complete the deployment of the IDPA (Integrated Data Protection Appliance) solution.
- Test the additional capabilities of our IDPA solution, including using Cloud Tier to extend the storage of the IDPA, as well as testing the cloud disaster recovery options to recover virtual machines and Oracle databases.
- Research and deploy, where possible, tools for virtual machine monitoring, application discovery, and predictive troubleshooting analytics.
- Research and deploy updated data protection and recovery strategies for ITS supported cloud infrastructure.

Goal 3: Enhance Service Offerings and Improve Customer Experience

- Continue to implement Ansible to enhance automation in the environment. Extend the use of Ansible into more of the operating system patching, and server provisioning and deployment processes as well as virtual machine deployments.

- Continue to introduce more public cloud-based virtual services for customers.
- Continue to support staff development/training efforts to ensure that staff are in the best position to provide value to internal and external customers.
- Research opportunities to utilize container technologies.
- Upgrade Mailman to version 3.
- Work with application owners and F5 administrators to implement F5 probes that monitor server files, allowing application owners or system administrators to trigger removal of a server from the F5 pool before planned maintenance begins. This will enhance customer experience by minimizing service disruption when individual servers are removed from the server pool for maintenance.
- Integrate existing on-premise virtual machine services that are offered as a private cloud with public cloud services, providing more options to meet different customer needs.
- Offer virtual machine services to select ITS customers from the Shaw building on campus, allowing the use of ITS VM services for applications requiring co-location in Shaw.
- Continue working with the College of Engineering to assist with the transition of their systems to the ITS Virtual Machine service.
- Work with all external customers of ITS Virtual Machine service to clarify roles and responsibilities.
- Work on future plans and enhancements (compliance retention, long term retention/archiving, cloud tiering, ability to store regulated data) for ITS enterprise file service.
- Perform needs assessment for DevOps environment within ITS.

Goal 4: Support the University's Disaster Recovery Plan

- Continue to provide support for all of the systems and storage at the DR site.
- Keep the DR site up to date with patching and security updates as needed.
- Keep data synchronization for DR hosts up to date.
- Participate in DR testing and validation activities.
- Participate in planning for next phase/iteration of DR site and any changes in scope that result from the Business Impact Analysis scheduled to be done this fiscal year.
- Participate in planning and implementation of next generation DR site using public cloud services with changes in scope that resulted from the new Business Impact Analysis.
- Prepare for the planned vacating of the Atlanta Data Center.

Goal 5: Implement secure research computing environment in support of NIST 800-171 requirements

- Maintain secure cloud computing environment to provide infrastructure needs for research contracts that have NIST 800-171 compliance requirements.
- Ensure continued availability and security of NIST 800-171 computing environment.

Goal 6: Support ITS Initiatives to Operate According to ITIL Framework

- Adhere to established CRM case management guidelines.
- Continue to follow standardized change management practices.
- Use ServiceNow for change and project management.
- Perform effective long term planning for infrastructure to provide enhanced visibility for larger infrastructure refresh project needs.
- Track time by project/service to provide supporting information for chargeback and service evaluation.

FSU Strategic Goals reference(s):

FSU 2017-2022 Strategic Goals
- Goal I: Deepening Our Distinctive Commitment to Continuous Innovation
- Goal II: Amplifying Excellence Across our Academic and Research Programs
- Goal III: Realizing the Full Potential of Diversity and Inclusion
- Goal IV: Ensuring Student Success on Campus and Beyond
- Goal V: Preparing our Graduates for 21st Century Careers
- Goal VI: Investing Strategically in Our Institution and Reputation