Educause Security Discussion mailing list archives
Re: SLA for Non IT Managed Server?
From: "Semmens, Theresa" <theresa.semmens () NDSU EDU>
Date: Wed, 13 Apr 2011 08:23:40 -0700
NDSU requires that servers be approved and registered if they are not centrally managed. The URL provides more information, along with the policy and procedure that back this.

http://www.ndsu.edu/its/ndsu_server_registration/

Theresa Semmens, CISA
Chief IT Security Officer
North Dakota State University
IACC 210D
PO Box 6050
Fargo, ND 58108
Phone: 701-231-5870
Cell Phone: 701-212-2064
Fax: 701-231-8541
Theresa.Semmens () ndsu edu

Security is a process, privacy is a consequence
Security is action, privacy is a result of successful action
Security is the strategy, privacy is the outcome
Security is the sealed envelope, privacy is the successful delivery of the message inside the envelope
~ Kevin Beaver & Rebecca Herold

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Martin Manjak
Sent: Wednesday, April 13, 2011 8:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SLA for Non IT Managed Server?

Kris,

We require all server systems to comply with our Connecting Servers to the University Network standards <https://wiki.albany.edu/display/public/askit/Standards+for+Connecting+Servers+to+the+University+Network>. We scan on a monthly basis to identify servers and mandate that owners sign off on the standards, certifying that they are in compliance and verifying each of the services they are running.

Marty

On 4/12/2011 8:05 PM, Bates, Cathy C - (cbates) wrote:
Kris,

We do not have an SLA, but we are in the midst of working with our first college on this very issue. Researchers who want to manage their own servers in the Engineering College will need to meet with the Dean and me (UISO) to make their case in terms of need and competency AND will have to have their server subject to periodic Qualys vulnerability scans to determine if they are maintaining a secure server.

Cathy

Cathy Bates
University Information Security Officer
Information Security Office | CC207
University of Arizona
(520) 626-2399
cbates () email arizona edu
http://security.arizona.edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kris Monroe
Sent: Tuesday, April 12, 2011 5:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SLA for Non IT Managed Server?

Anyone have something like an SLA that they require be signed by a non IT owner of a server? For example, a Faculty member that wants to host a web server and a database server to support their research project.

I could see the SLA outlining the faculty member is responsible for patching (OS, web server, database), hardening, limiting the database to the one they have discussed (that has no PII), is responsible for user accounts (including provisioning/deprovisioning), etc. And that changing of the agreed upon use requires a new or revised SLA.

Thanks in advance!

-Kris
--
Martin Manjak
Information Security Officer
University at Albany
CISSP, GSEC, GCWN

"What information consumes...is the attention of its recipients."
Herbert Simon, 1971