Educause Security Discussion mailing list archives
Re: SLA for Non IT Managed Server?
From: Martin Manjak <mm376 () ALBANY EDU>
Date: Wed, 13 Apr 2011 09:20:33 -0400
Kris, We require all server systems to comply with our Connecting Servers to the University Network standards <https://wiki.albany.edu/display/public/askit/Standards+for+Connecting+Servers+to+the+University+Network>. We scan on a monthly basis to identify servers and mandate that owners sign off on the standards, certifying that they are in compliance and verifying each of the services they are running. Marty On 4/12/2011 8:05 PM, Bates, Cathy C - (cbates) wrote:
Kris, We do not have an SLA, but we are in the midst of working with our first college on this very issue. Researchers who want to manage their own servers in the Engineering College will need to meet with the Dean and me (UISO) to make their case in terms of need and competency AND will have to have their server subject to periodic Qualys vulnerability scans to determine if they are maintaining a secure server. Cathy Cathy Bates University Information Security Officer Information Security Office | CC207 University of Arizona (520) 626-2399 cbates () email arizona edu http://security.arizona.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kris Monroe Sent: Tuesday, April 12, 2011 5:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] SLA for Non IT Managed Server? Anyone have something like an SLA that they require by signed by a non IT owner of a server? For example, a Faculty member that wants to host a web server and a database server to support their research project. I could see the SLA outlining the faculty member is responsible for patching (OS, web server, database), hardening, limiting the database to the one they have discussed (that has no PII), is responsible for user accounts (including provisioning/deprovisioning), etc. And that changing of the agreed upon use requires a new or revised SLA. Thanks in advance! -Kris
-- Martin Manjak Information Security Officer University at Albany CISSP, GSEC, GCWN "What information consumes...is the attention of its recipients." Herbert Simon, 1971
Current thread:
- Do you have a recommendation for Streaming Video Service and Media Storage Repository? Nick Recchia (Apr 05)
- Re: Do you have a recommendation for Streaming Video Service and Media Storage Repository? Kevin Halgren (Apr 06)
- third party pentesting services and pentesting RFP Youngquist, Jason R. (Apr 07)
- Re: third party pentesting services and pentesting RFP Jeff Howlett (Apr 07)
- Re: third party pentesting services and pentesting RFP Brian J Smith-Sweeney (Apr 08)
- Re: third party pentesting services and pentesting RFP Leilani Lauger (Apr 12)
- Re: Do you have a recommendation for Streaming Video Service and Media Storage Repository? Gioia, Matthew P. (Apr 07)
- third party pentesting services and pentesting RFP Youngquist, Jason R. (Apr 07)
- SLA for Non IT Managed Server? Kris Monroe (Apr 12)
- Re: SLA for Non IT Managed Server? Bates, Cathy C - (cbates) (Apr 12)
- Re: SLA for Non IT Managed Server? Martin Manjak (Apr 13)
- Re: SLA for Non IT Managed Server? Semmens, Theresa (Apr 13)
- Re: SLA for Non IT Managed Server? Bates, Cathy C - (cbates) (Apr 12)
- Re: Do you have a recommendation for Streaming Video Service and Media Storage Repository? Kevin Halgren (Apr 06)