The University's Executive Compliance Committee (ECC) has made a policy change that requires all commodity servers to be physically or virtually located in the University Data Center. Such a change helps to address a number of risks that the committee has been monitoring over the years. Note: The policy change has been published, but it will not be made effective until September 01, 2014.
Commodity servers are defined as systems providing basic information technology services to university affiliates (e.g., web services, mail services, file services, database services, directory services, collaboration services).
There were roughly 600 commodity servers identified as having high-volume activity that were located outside of the University Data Center. The ECC has asked the Information Security Office to work with each affected unit on the final disposition of each server.
- Collaboration Services
- Database Services (MySQL)
- Directory Services
- File Services (Storage)
- Mail Services
- Web Services
Collaboration Services
University Wiki Service
- Who can use University Wiki Service
- Requesting a Group, Project, or Departmental Wiki
- Atlassian's Confluence Wiki Documentation
Exception Process
https://security.utexas.edu/exception/
You should consider structuring your exceptions around the following:
http://security.utexas.edu/policies/irusp.html#section_5_19
- business case for exception
- physical controls for exception
- logical controls for exception
What is meant by logical controls?
According to the Information Security Office (ISO), logical security controls would consist of implementing permissions, logging, and auditing mechanisms for access to unattended systems. For example, physical access of the "server room" should have an Access Control System in place to track who has access to a particular area, and logs when an individual has entered the controlled area.