The Risk Management Program (RMP) is a new project within ITS meant to increase server security and protect the confidential data of students, staff, and faculty alike.
Currently, the University and Information Security Office have implemented an initiative, secureU, which addresses individual security threats. RMP, as a whole, is a higher-level initiative focused on the critical need to protect server data and provide effective solutions to server-specific security risks and issues.
While secureU is focused on protecting individual computers from potential risks, the RMP initiative is focused on University-wide server protection.
RMP will either eliminate or greatly reduce the possibility of key risks that could translate to major issues compromising server and data security. Such issues would include the loss of data, such as personally identifiable information (PII; e.g., SSNs), which could harm and sully the University’s reputation; compliance and regulatory failures, which could lead to fines and thus have a negative financial impact; and data corruption, which could lead administrators to make faulty and costly decisions.
ITS maintains and secures approximately 800 servers on campus. There are an additional 750 to 1,000 servers that use the University’s network and that are not wholly monitored or secured, thus allowing for the potential of data breaches, intrusions, and complete network shutdowns. RMP will address such issues and create a more stable, protected, and secure network for the entire University population.
Specific features and security issues that RMP will address include the creation of a comprehensive server inventory, the implementation of firewall policies that will restrict unintended connections to desktops and servers, University-wide server and application vulnerability scanning, and the installation of Splunk, a log collection agent, onto all University servers.
ITS plans to roll out RMP in four phases, and the program is planned to be fully operational and implemented by December 2013.
For further information regarding the RMP project, please contact the project head, Mick DiGrazia, at firstname.lastname@example.org.
This article, by Tim Williams, first appeared in the January 2, 2013 issue of Project Weeklies, the newsletter of the ITS Project Management Office.