Educause Security Discussion mailing list archives
Re: Centralized security administration
From: "Hunt,Keith A" <keith () UAKRON EDU>
Date: Fri, 18 Aug 2006 13:40:21 -0400
Hello Bob, Some really good stuff there. Any idea how much effort to develop the policies, guidelines, surveys, etc and keep it all up to date? And would you mind if I used some of it as a guide for something similar here? A question about the Level 1 and Level 2 practices: why did physical security get bumped down to Level 2? I would consider that very basic, and also one of the easier problems to fix. -- Keith
-----Original Message----- From: Bob Kehr [mailto:rskehr () ucdavis edu] Sent: Thursday, August 17, 2006 12:04 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Centralized security administration General SysAdmin at our university is very decentralized. The current approach is "policy" in conjunction with reporting, scanning, and IDS. http://security.ucdavis.edu/cybersafety.cfm http://manuals.ucdavis.edu/ppm/310/310-21.htm - note IV.B http://security.ucdavis.edu/vuln_resources.cfm http://www.ucop.edu/irc/itlc/sautter/ucd_2005_winner.html -Bob Kehr -----Original Message----- From: Hunt,Keith A [mailto:keith () UAKRON EDU] Sent: Thursday, August 17, 2006 8:20 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Centralized security administration I was having a conversation with our CIO recently about the difficulties faced by a central IT department asked to assume responsibility for the security posture of servers owned and managed by non-IT departments. He asked me how other universities address this issue. So here I am asking you kind folks. Have you been able to establish effective policies and procedures that provide for central IT personnel to oversee the security aspects of non-IT devices (especially servers and network equipment)? Have you developed some other approach that works better? How do you reconcile the need for decentralized systems/network admin functions with the need for an enterprise approach to security? TIA -- Keith Hunt 330.972.7968 keith () uakron edu Internet & Server Systems The University of Akron
Current thread:
- Centralized security administration Hunt,Keith A (Aug 17)
- <Possible follow-ups>
- Re: Centralized security administration Bob Kehr (Aug 17)
- Re: Centralized security administration Sadler, Connie (Aug 17)
- Re: Centralized security administration Tom Davis (Aug 18)
- Re: Centralized security administration Hunt,Keith A (Aug 18)
- Re: Centralized security administration Hunt,Keith A (Aug 18)
- Re: Centralized security administration Valdis Kletnieks (Aug 18)
- Re: Centralized security administration Sadler, Connie (Aug 18)
- Re: Centralized security administration Hunt,Keith A (Aug 18)
- Re: Centralized security administration Robert Ono (Aug 18)
- Re: Centralized security administration Valdis Kletnieks (Aug 18)
- Re: Centralized security administration Cal Frye (Aug 18)
- Re: Centralized security administration Harold Winshel (Aug 18)
- Re: Centralized security administration Geoff Nathan (Aug 19)