To use the following procedures, first determine the risk level by reviewing the data classification policy and selecting the highest applicable risk designation.
Standards | Recurring Task | What to do | Low Risk | Moderate Risk | High Risk |
---|---|---|---|---|---|
Patching | Apply security patches either automatically or within the time limit. | ||||
Whole Disk Encryption | Enable appropriate technology, e.g., BitLocker (Windows), FileVault (OSX), or Unix or mobile-specific encryption. | ||||
Malware Protection | Install antivirus. | ||||
Access Control | Integrate device into AD or Shibboleth as appropriate, otherwise implement UB Password Policy. | ||||
Firewall | Enable host-based firewall in default deny inbound mode and only permit necessary services. | ||||
Backups | Back up data at least daily using Storage Protect or UBbox. | ||||
Inventory | Register device in Lansweeper (or dept-provided tool). | ||||
Vulnerability Management | Register for Nexpose scanning service. | ||||
Centralized Logging | Forward logs to central logging service. | ||||
End User Security Training | Enroll in UB EDGE training. | ||||
Intrusion Detection | Enroll in UB EDGE training. | ||||
Physical Protection | Place device in a datacenter or controlled location. | ||||
Security Assessment | Request a review by the Information Security Office. | ||||

Service | Low Risk | Moderate Risk | High Risk: Non-ePHI1 | High Risk: ePHI2 |
---|---|---|---|---|
Audio and Video Conferencing: Zoom | ||||
Backups: Central Backups | ||||
Calendar: Microsoft Exchange | ||||
Cloud Infrastructure: Self-Selected (No official cloud partner yet) | ||||
Content Management: UBCMS | ||||
Content Management: Drupal, WordPress | ||||
Database Hosting: MSSQL, Oracle, MySQL | ||||
Document Management: UBbox | ||||
Document Management: UBFS (CIFS, NFS) | ||||
Document Management: Dropbox, Google Docs, Google Drive, Office 365 OneDrive | ||||
Document Imaging: ImageNOW | ||||
Electronic Signature: AdobeSign, DocuSign | ||||
Email: UBmail for students | ||||
Email: UBmail for faculty and staff | ||||
Email: Personal Email Services | ||||
Encryption: BitLocker, FileVault, PGP WDE | ||||
Instant Messaging: Jabber | ||||
Issue Tracking: RemedyForce | ||||
Shared Computing: UBVCL | ||||
Voice Messaging (VOIP) | ||||
VPN | ||||
Web Programming Environment (OpenShift) | ||||
Wiki: Confluence |