Educause Security Discussion mailing list archives

Re: Policies on Server Installations

From: Frank Moore <moorefx () LONGWOOD EDU>
Date: Fri, 6 May 2005 09:46:52 -0400

Craig and group,

We have a similar quandry at my institution. We have now come to believe
that there may be legitimate reasons for servers out in the academic world.
We have a new professor coming in  in Computer Science who wants a server
and pc's networked to that server and the Internet so that his students get
to understand and play with the hardware. He will be isolated on his own
VLAN.

We have decided to tackle this issue by approving an Administrative Data
Security policy which will limit all production data with sensitive and
critical information (in particular data defined in HIPAA, FERPA and GLBA)
to residing on IT maintained servers. In addition, we are planning on server
hardening standards (required) University-wide. We also reserve the right to
audit all university servers.

Frank Moore

F. X. Moore III, Ph.D.
Assistant Vice President for Information Technology
Longwood University
201 High Street
Farmville, VA 23909

[434] 395-2034 voice
[434] 395-2035 fax


  _____

From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drake, Craig
Sent: Friday, May 06, 2005 9:38 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Policies on Server Installations



I was wondering if anybody had any good examples of written policies
restricting the implementation and administration of Server systems to the
central IT Department.  We have had sort of an unwritten understanding that
all server systems are managed by our central Networking department, but we
would like to get it in writing as part of our overall IT Policies. If
anybody has any examples, please reply to the list or send them to me
directly.



Thank you,



Craig Drake

Networking and Distributed Services

Northeastern Illinois University

C-Drake () neiu edu



********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Policies on Server Installations Drake, Craig (May 06)
- <Possible follow-ups>
- Re: Policies on Server Installations Frank Moore (May 06)