IT Security "Tip Of The Month"

The security team uses the Network Services contact database to authorize access to the vulnerability self-scanner, incident records, and other restricted content. Contact changes can only be made by those already in the database. Check your contact information at http://net-services.ufl.edu/cgi-bin/subnet-form.cgi. To request a change, use the form at https://net-services.ufl.edu/cgi-bin/submitRequest.cgi.


UF IT Security FAQ

Q: Does UF have a university-wide Information Technology Security Policy?
A: Yes. All UF units must comply with the IT security regulations at http://www.it.ufl.edu/policies/security/. Check with your Unit Information Security Manager (ISM) to determine if they require compliance with additional policies.
Q: How do I determine the ISM in my unit?
A: Many IT contacts can be found at https://net-services.ufl.edu/cgi-bin/subnet-form.cgi.
Q: Is there an office which monitors and enforces compliance with UF IT Security Regulations?
A: Yes; the UF IT Security Team, reporting through Computing and Networking Services (CNS) to the UF Chief Information Officer (CIO), monitors for policy compliance. Their home page is http://infosec.ufl.edu/. The UF CIO enforces compliance. See http://www.it.ufl.edu/.
Q: What action should IT workers take if they become aware of an incident?
A: They must take immediate measures to contain the incident and minimize impact on other hosts and networks. If ufirt@ufl.edu notifies IT workers about incidents, a response should be sent the same business day.
Q: What enforcement provisions are contained in UF's IT Security Regulations?
A: "Unit administrators and IT workers who fail to adhere to this charter may be subject to penalties and disciplinary action, both within and outside the university." For further information, see: http://www.it.ufl.edu/policies/security/uf-it-sec-charter.html#enforcement.
Q: What should I do if I become aware of an "incident"?
A: That depends on the nature and scope of the incident. Detailed procedures are given at http://www.it.ufl.edu/policies/security/uf-it-sec-incident-response-rewrite.html#specific.
Q: What kind of immediate action can the central IT Security Team take if they become aware of an incident?
A: They can apply filters, access control lists (ACLs), and/or isolate the resource from the network.
Q: Is there a regulation regarding Data Security (Confidentiality, Integrity, Availability)?
A: Yes; http://www.it.ufl.edu/policies/security/uf-it-sec-data.html. The UF Privacy office also maintains regulations regarding private data at http://privacy.health.ufl.edu/.
Q: Are there specific policies governing Network/Host security?
A: Yes. There are detailed regulations covering Authentication, Software Security, Change Management, and many other aspects which apply to individual computers (including workstations) as well as to servers and to the network as a whole. See http://www.it.ufl.edu/policies/security/uf-it-sec-network.html.
Q: Do I have a specific role/responsibility within the UF IT Security Regulations?
A: Almost certainly. Whether you are a Unit Information Security Manager or just responsible for your own workstation, your roles and responsibilities are defined in the UF IT Security Regulations. See http://www.it.ufl.edu/policies/security/uf-it-sec-charter.html#roles.
Q: Are there regulations governing what outside entities (vendors, consultants, etc.) can do on and with UF IT Resources (including the network)?
A: Yes: Associates that manage IT resources on the UF network must be informed of UF IT security policies and sign an agreement to comply with them. For more information, see http://www.it.ufl.edu/policies/security/uf-it-sec-charter.html#resource-classification and http://www.it.ufl.edu/policies/security/uf-it-sec-network.html .
Q: How can I learn more about IT Security Regulations at UF?
A: Attend an IT Orientation Session. See http://www.cns.ufl.edu/itorientation.html for more information. Another valuable training opportunity is the "UF Acceptable Use Policy" workshop which is held periodically; see http://oak.circa.ufl.edu/~cittreg/describe.html?sectid=1330 .