Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Centralized security administration

From: Bob Kehr <rskehr () UCDAVIS EDU>
Date: Thu, 17 Aug 2006 09:04:11 -0700
General SysAdmin at our university is very decentralized. The current
approach is "policy" in conjunction with reporting, scanning, and IDS.

http://security.ucdavis.edu/cybersafety.cfm
http://manuals.ucdavis.edu/ppm/310/310-21.htm - note IV.B
http://security.ucdavis.edu/vuln_resources.cfm
http://www.ucop.edu/irc/itlc/sautter/ucd_2005_winner.html

-Bob Kehr



-----Original Message-----
From: Hunt,Keith A [mailto:keith () UAKRON EDU]
Sent: Thursday, August 17, 2006 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Centralized security administration

I was having a conversation with our CIO recently about the difficulties
faced by a central IT department asked to assume responsibility for the
security posture of servers owned and managed by non-IT departments.

He asked me how other universities address this issue. So here I am asking
you kind folks.

Have you been able to establish effective policies and procedures that
provide for central IT personnel to oversee the security aspects of non-IT
devices (especially servers and network equipment)?  Have you developed some
other approach that works better? How do you reconcile the need for
decentralized systems/network admin functions with the need for an
enterprise approach to security?

TIA

--
Keith Hunt  330.972.7968  keith () uakron edu Internet & Server Systems The
University of Akron
Previous By Date Next
Previous By Thread Next

Current thread: