STANDARDS & GUIDELINES

GUIDELINE—Critical Server Identification (Appendix O)

Responsible Office: Office of Information Technology

GUIDELINE

Introduction

Identifying critical servers is an important part of the University's ongoing risk management and operational improvement initiatives, and is also related to our compliance obligations. OIT Security will work with departments to provide routine vulnerability scans and on a priority basis will consult with your technology staff to further improve security measures.

It is important that computer and data owners identify critical servers. If in doubt, include the server.

For this purpose, a server is a multi-user computer, which provides some service for other computers connected to it via a network. The most common examples are departmental/collegiate file servers, web servers, mail servers, and database servers.

A "critical" server is important to accomplishing the University/collegiate unit/business unit mission or one which stores legally protected or other important non-public data.

Note: Servers that store legally protected data are required to be identified by following the implementation steps below.

Critical servers meet at least one of the following criteria:

A. Data Criteria:
B. Level of impact if server unavailable:
C. Other Criteria:

To learn more about nonpublic data or data legally protected by HIPAA Privacy or legally protected Student data, see http://www.ahc.umn.edu/privacy/what/home.html

Implementation

To assist with collecting information on critical servers, the following can be used for tracking:

Units should include the IP addresses for the critical servers in their "Critical" asset group in Qualys. See Critical Server Scan Process.

For questions, send e-mail to oit.security@umn.edu.

Resources and Links