Educause Security Discussion mailing list archives
Re: SLA for Non IT Managed Server?
From: "Bates, Cathy C - (cbates)" <cbates () EMAIL ARIZONA EDU>
Date: Tue, 12 Apr 2011 17:05:15 -0700
Kris, We do not have an SLA, but we are in the midst of working with our first college on this very issue. Researchers who want to manage their own servers in the Engineering College will need to meet with the Dean and me (UISO) to make their case in terms of need and competency AND will have to have their server subject to periodic Qualys vulnerability scans to determine if they are maintaining a secure server. Cathy Cathy Bates University Information Security Officer Information Security Office | CC207 University of Arizona (520) 626-2399 cbates () email arizona edu http://security.arizona.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kris Monroe Sent: Tuesday, April 12, 2011 5:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] SLA for Non IT Managed Server? Anyone have something like an SLA that they require by signed by a non IT owner of a server? For example, a Faculty member that wants to host a web server and a database server to support their research project. I could see the SLA outlining the faculty member is responsible for patching (OS, web server, database), hardening, limiting the database to the one they have discussed (that has no PII), is responsible for user accounts (including provisioning/deprovisioning), etc. And that changing of the agreed upon use requires a new or revised SLA. Thanks in advance! -Kris -- Stay Safe Online! Visit ithaca.edu/ICinfosec for the latest cyber security tips. -- Kris Monroe, CISSP, CISA Information Security Officer Ithaca College email: kmonroe () ithaca edu P: 607.274.1997
Current thread:
- Do you have a recommendation for Streaming Video Service and Media Storage Repository? Nick Recchia (Apr 05)
- Re: Do you have a recommendation for Streaming Video Service and Media Storage Repository? Kevin Halgren (Apr 06)
- third party pentesting services and pentesting RFP Youngquist, Jason R. (Apr 07)
- Re: third party pentesting services and pentesting RFP Jeff Howlett (Apr 07)
- Re: third party pentesting services and pentesting RFP Brian J Smith-Sweeney (Apr 08)
- Re: third party pentesting services and pentesting RFP Leilani Lauger (Apr 12)
- Re: Do you have a recommendation for Streaming Video Service and Media Storage Repository? Gioia, Matthew P. (Apr 07)
- third party pentesting services and pentesting RFP Youngquist, Jason R. (Apr 07)
- SLA for Non IT Managed Server? Kris Monroe (Apr 12)
- Re: SLA for Non IT Managed Server? Bates, Cathy C - (cbates) (Apr 12)
- Re: SLA for Non IT Managed Server? Martin Manjak (Apr 13)
- Re: SLA for Non IT Managed Server? Semmens, Theresa (Apr 13)
- Re: SLA for Non IT Managed Server? Bates, Cathy C - (cbates) (Apr 12)
- Re: Do you have a recommendation for Streaming Video Service and Media Storage Repository? Kevin Halgren (Apr 06)