Implementing a System-Wide Risk Mitigation Policy (288219183)
8/20/2019 Implementing a System-Wide Risk Mitigation Policy (288219183)
http://slidepdf.com/reader/full/implementing-a-system-wide-risk-mitigation-policy-288219183 1/94
Policy IT-28 Planne
Name of Unit: Enter the name of your school or department
Unit Head: Enter the full name of the Dean, Director, or top executive officer for your department
Type of Unit: Academic
Submitted by: Typically, the highest ranking IT professional will submit
Secondary contact: Optional, but should be someone well-informed about IT-28
Date of Submission
Are you a Group-level IT Service provider? Defined as providing any IT services to more than 1 unit, including academic units, administrative units, and research centers
If providing IT Services to more than one unit, please list all units for which IT support is provided
Are any of your unit's IT services provided / managed by a Group-level IT Provider?
If yes, what provider?
Please note that final submission of this documentation should include all IT services supported within the unit.
IT Planner, version 1.9.24.13
If yes, please answer the following worksheets only for services that are managed in your unit. Be sure to verify that your Group-level IT Provider submits a plan for the services they provide.
Environmental Scan of IT Assets
* Please only include servers, devices that behave like a server, or devices that store any data that you suspect may be protected by privacy laws or policies
To request a scan of static IP addresses in your building(s), click here
Item No.
Hardware Type
Host Name
Primary Function*
Secondary Function
Description
Individuals w/ Privileged Access
Operating System
Other IP Addresses
Service Criticality
Primary IP Address
Physical Location
Virtualized
Other Key Characteristics or Comments
Data Encrypted at Rest
These Columns Not Required for IT-28 Compliance. Recommended for Departmental Tracking of IT-12 Controls
Does the Server Sit Behind a Hardware Firewall?
Do Antivirus Scans Take Place?
Patch Management Procedures
Server Has UPS
Is Server Backed Up?
Backup Method/Frequency
Offsite Backup Location
Offsite Backup Logical Security Controls
Offsite Backup Physical Security Controls
Backup Testing Frequency and Method
Onsite Backup Location
Onsite Backup Logical Security
Online Backup Physical Security
Onsite Backup Testing Frequency and Method
Frequency of Backup/Restoration Logs Reviewed
Is the server being scanned by a vulnerability scanner?
Is web application being scanned by a web scanner?
Data Analysis
Item No. / Type / Host
What is the highest classification of data stored on this item? Click for more info
Which of the following best describes the highest classification of data stored on this item? Click for more info
If you insert more rows, be sure to copy formatting and formulas
Risk Assessment
Based on the Factor Analysis of Information Risk (FAIR) model and NIST 800-30
Item No. / Type / Host
Data Classification
Type
Primary threat for this service
Full Description (feel free to use as a Comment field)
Frequency and Capacity
Threat Event Frequency (TEF)
Describe rationale for this rating
Threat Capacity (TCap)
Describe rationale for this rating
Controls
Compensating Control Strength (CS)
Describe controls (click to s
Risk Assessment
Vulnerability (Vuln)
Loss Event Frequency (LEF)
Probable Loss Magnitude (See table at right)
Magnitude
Severe $10,000,000 --
High $1,000,000 $9,999,999
Significant $100,000 $999,999
Moderate $10,000 $99,999
Low $1,000 $9,999
Very Low $0 $999
If you insert more rows, be sure to copy formatting and formulas
Transition Planning
Are you planning to move this service to a UITS Service as part of your IT-28 plan?
If No, please provide brief explanation
Where do you plan to move (or have already moved) this item?
If Group-Level provider, please identify which group
Estimated Move Date
Resource: Definition
Co-location: Physically re-locate servers to racks in the data center
Intelligent Infrastructure: Hosted server VM service (II and II-Basic)
CHE: Consolidated Hosting Environment (Microsoft platform - IIS, .Net, Coldfusion)
Webserve: Central web platform (LAMP)
WCMS: Cascade Server solution for CMS
Collaborative Storage: SharePoint, Box
Research Storage: RFS, SDA
Research Computing: Big Red II, Quarry, Mason, Research Database Complex, XSEDE
Database Admin Services: Comprehensive, virtualized hosting solutions
System Admin Services: Comprehensive, virtualized hosting solutions
Enterprise Print Services: Not yet available
Enterprise SCCM: Not yet available
Group-Level Solution: Any IT service that is provided to multiple units by a single IT group
Other
Definition of Terms
Hardware Types: Definition
Server: Any computer device, physical or virtual, running a server operating system
Desktop/laptop: Any computing device, physical or virtual, running a desktop operating system AND hosting resources that other computers can access across the network (e.g., "acting like a server")
Network HW: List only network hardware that stores data, such as an IDS or proxy server
Printer: Multi-function printer/copier that, because it stores data, poses some risk. Most printers probably don't need to be inventoried
Camera
Functions: Definition
File Sharing: The computing device is configured to share files with one or more other computing devices
Print Sharing: The computing device is configured to share access to one or more printers, either physically attached or across the network
Web Server: The computing device is serving HTML files and/or actively listening on ports 80, 443, 8080, or other common web server ports
Web Content Mgmt: The computing device runs software designed for end user to manage and update web content
Email Server: The computing device receives, stores, and forwards electronic mail and acts as a host for end users to access their Inboxes
Database Server: The computing device runs server-side database systems, such as MS SQL, Oracle, etc.
Patch/Virus Mgmt: The computing device is used to distribute / manage security patches and/or anti-virus software pattern files
Custom App (Describe): Any custom-built applications that collect personal data via a web form, or that provide mission-critical services to your unit
Vended App (Describe): Any vended applications that collect personal data via a web form, or that provide mission-critical services to your unit
Test or Dev Server: Non-production server used for testing and development
Types of Data: Definition or More Info Link
Student grades
HR records
Credit card numbers
Electronic protected health information
Financial data
Donor info
Federal grant/contract data
Risk Analysis
Magnitude
Severe $10,000,000 --
High $1,000,000 $9,999,999
Significant $100,000 $999,999
Moderate $10,000 $99,999
Low $1,000 $9,999
Very Low $0 $999
Your estimate of magnitude may feel like a wild guess, but try to think about the worst-case scenario. If a mission-critical system was down for several weeks while you rebuilt it (due to any reason), what would it cost your unit in terms of lost productivity? Lost tuition? Lost revenue? Lost grant opportunities? Loss of trust and reputation? In an academic unit, sliding down several positions in national rankings has a tangible cost in terms of enrollment and the attraction of top talent.
Threat Event Frequency: How often does the threat "knock at your door"?
Very High (VH): > 100 times/yr
High (H): Between 10 and 100 times/yr
Moderate (M): Between 1 and 1 times/yr
Low (L): Between .1 and 1 times/yr
Very Low (VL): < .1 times per year (less than once in 10 years)
Threat Capacity: If the threat happens, how bad is it likely to be?
Very High (VH): Probable impact of threat is in the top 2% when compared to other threats
High (H): Probable impact of threat is in the top 16% when compared to other threats
Moderate (M): Probable impact of threat is of average capacity
Low (L): Probable impact of threat is in the bottom 16% when compared to other threats
Very Low (VL): Probable impact of threat is in the bottom 2% when compared to other threats
Control Strength: What are you doing to protect this asset?
Resource: Definition
Co-location: Physically re-locate servers to racks in the data center
Intelligent Infrastructure: Hosted server VM service (II and II-Basic)
CHE: Consolidated Hosting Environment (Microsoft platform - IIS, .Net, Coldfusion)
Webserve: Central web platform (LAMP)
WCMS: Cascade Server solution for CMS
Collaborative Storage: SharePoint, Box
Research Storage: RFS, SDA
Research Computing: Big Red II, Quarry, Mason, Research Database Complex, XSEDE
Database Admin Services: Comprehensive, virtualized hosting solutions
System Admin Services: Comprehensive, virtualized hosting solutions
Enterprise Print Services: Not yet available
Enterprise SCCM: Not yet available
Group-Level Solution: Any IT service that is provided to multiple units by a single IT group
Other