Policies and Guidelines

Departmental IT Best Practices - Securing Servers

Last Updated: April 15, 2011
Reviewed: January 11, 2010

Who does it apply to?
Departmental Management

Why is it important?
To secure computer equipment so that information assets are safeguarded.

Practices

Computer Location

What is it?
Choosing a location that provides for the security and environmental needs of the desktop.

WHAT NEEDS TO BE DONE:
Assess system needs in light of available locations.

Existing Guideline(s):

Data and Software Access Control

What is it?
Providing access to data based on users' need to know.

WHAT NEEDS TO BE DONE:
Assess the appropriate level of access to data for various departmental groups.

Existing Guideline(s):

Data Backup and Recovery

What is it?
Making copies of critical data so it can be recovered if the equipment it is stored on fails or some other catastrophic event occurs.

WHAT NEEDS TO BE DONE:
Make copies of critical files or databases so they may be recovered if the originals are no longer accessible.

Existing Guideline(s):

Login/Password

What is it?
Requiring unique logons and strong passwords for all users.

WHAT NEEDS TO BE DONE:
Set requirements for logons and passwords in alignment with university policy and criticality of data.

Existing Guideline(s):

Old Computer Equipment

What is it?
Disposing of old computer equipment appropriately.

WHAT NEEDS TO BE DONE:
Remove department information and licensed software prior to disposal.

Existing Guideline(s):

Physical Security

What is it?
Ensuring physical assets are secure.

WHAT NEEDS TO BE DONE:
Assess the appropriate level of access to physical assets such as facilities, equipment, data media, and power supplies.

Existing Guideline(s):

Software Installation and Upgrades

What is it?
Installing and maintaining application software to ensure it is up to date in order to minimize security vulnerabilities.

WHAT NEEDS TO BE DONE:
Install the latest version of the application software, then ensure software patches and updates are applied in a timely fashion.

Existing Guideline(s):

System Monitoring

What is it?
Monitoring computer system logs in order to detect abnormal activity so it can be reported to IT Security.

WHAT NEEDS TO BE DONE:
When campus is not at an orange threat level, system monitoring is still essential but not required on a daily basis.

Existing Guideline(s):

System Software

What is it?
Installing and maintaining system software to maximize availability and accessibility, and minimize vulnerabilities.

WHAT NEEDS TO BE DONE:
Install the latest version of the system software, then ensure software patches and updates are applied in a timely fashion.

Existing Guideline(s):

Virus Protection