RATIONALE
System security encompasses all facets of accessing information assets. From authentication to software updates, anti-virus protection, and modifications, security is a key component of a device operating at its optimum. These best practices help to mitigate various security concerns.
Best Practice: Use Change Management Procedures
Best Practice: Utilize system logs for audit trails
To help with log management, common security practices include the use of a log aggregation solution and deploying a security information and event management (SIEM) tool. Aggregating all system logs into one solution, and utilizing features such as monitoring and alerting for anomalies in the logs, can help system administrators identify problems more quickly.
Best Practice: Utilize data classification
Identifying the type of data collected, stored, and transmitted will help in identifying controls to be utilized to secure the information assets of an institution. Some data must be classified as confidential due to federal regulations, while other data might be classified public or directory information. Security controls utilized will be stronger for confidential data than those for public information. Data classification can help institutions to prioritize security efforts.
Best Practice: Vendors must follow the institution's policies and standards
There are times when an institution contracts with a third party or vendor to provide services to the university. The vendor should comply with the same commitment to the security of the institution's information assets as the institution's employees. The institution's commitment to the confidentiality, integrity, and accessibility of its information assets must extend to any and all information that a third party or vendor may access or manage. Vendor agreements should be managed to include these standards.
Best Practice: Implement and follow patch management strategy
All software requires regular maintenance to maintain its peak functionality. As technology manufacturers are made aware of problem areas in their product(s), they release a patch, update, or service pack. These ‘patches’ can range from fixing simple cosmetic problems (low impact) to resolving an issue that would allow full control of the system from an unauthorized source (critical impact). An institution should deploy a process for patch management on critical infrastructure and services.
The University of Nebraska-Lincoln has several resources that support the use of these best practices:
UNL requires the use of the VPN before connecting to an office computer and to some information systems. For more information, check out Use VPN for Remote Desktop access.
UNL utilizes Splunk for log aggregation and SIEM. For information about utilizing Splunk, contact the security office.
For UNL's data classification guidelines, go to UNL Data Classification.