Tools and Resources
- HigherEd Cloud Vendor Assessment Tool (.XLS)
- Third Party Vendor VPN Access Form (PDF)
- Static IP Address Request (this is now a catalog item under Technology Infrastructure in ServiceNow Express)
- Open Firewall Port Request (this is now a catalog item under Technology Infrastructure in ServiceNow Express
Information Security Awareness and Training
CSU, Information Security Officer provides security awareness training on-campus also training materials designed to provide staff and faculty with the knowledge they need to secure information resources. Email email@example.com for information security training for your department.
Any device connected to an CSU network must meet the following security requirements:
- Patched and updated operating system
- Up-to-date antivirus
- Windows is configured to notify you when new updates are ready to download and install
- Windows firewall is enabled
- No network address translation device present
- No peer-to-peer software running
- No proxy running
Best Practices for connecting securely
- No workstations, should be left unattended and powered up when connected to the network. This is critical if the user is logged in with administrative privileges.
- Computers not in use should be shut down overnight. Besides conserving electricity, this limits the window of opportunity for hackers. However, if it is necessary to run nightly back-ups or periodic system updates, the computers must be left on. Less-frequent backups should be scheduled for a weeknight to minimize exposure. It also may not be practical to turn off lab computers at night, although they should be set up with sleep mode to conserve electricity.
- Unused software should be removed from computers. Users have a tendency to not patch software that they have not used in a long time and may even no longer be on the vendor's notification or update list if a vulnerability is discovered in the software.
- Systems Administrators should also consider the following when setting up systems:
- Unprotected Windows network shares can be exploited by intruders and the machines recruited into botnets. Windows network shares can be protected by reviewing both share and file system permissions and setting appropriately complex passwords.
- Because many instant-messaging clients allow for the exchange of executable code, they present risks similar to those of email clients. Users should be cautioned against exchanging files with unknown parties over instant messaging.
When practical, servers should be set up in a hardened (secure) systems configuration:
- Install the minimum essential operating system configuration - only those packages containing files and directories needed to operate the computer.
- After installation, remove all privileges and access authorizations. Then grant (add back in) privileges and access only as needed, following the principle of "deny first, then allow.” It is essential that all installations be performed first because any installation performed after privileges are removed can undo such removal and result in corrupted configuration.
- Ensure “test” or “guest” accounts are removed promptly when their use is no longer required.
- Enable as much system logging as possible to provide the detailed information needed for in-depth analysis of any intrusion.
- Grant access only by appropriately-authorized users.
Backup and Recovery
ITS utilizes multiple online backup vaults to store data. The data vaults are geographically spread out to ensure the survival of CSU's critical information. Each backup vault is a self contained unit. It requires no additional hardware or software to access its contents. ITS encourages end users to copy critical and sensitive data to shared drives for backing up.
Campus Edge firewall
A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, software, or a combination of both.
Encryption converts data into a secure form that can be safely moved around and helps CSU, Clayton meet its obligations under various data protection laws and policies. One of the most effective ways to protect personally identifiable or other confidential information stored on a computer is to encrypt it.
Vulnerability Management and Scanning
Vulnerability scans provide critical information to the Information Security Office and management as part of the risk assessment process for campus systems.
Secure Disposal of Paper / Shredding and Electronic Media
Any data storage medium - paper, computer, scanner, copier, hard drive, tablet, smartphone - should be treated as if it contained protected data and must be securely wiped prior to transfer or disposal.