POLICY
a. Copyrights and Licenses:
Systems administrators must respect copyrights and licenses to software and other online information. All software protected by copyright must not be copied except as specifically stipulated by the owner of the copyright or otherwise permitted by copyright law. Need to write or understand more about license handling.
b. Data backup services:
System administrators must perform regular and complete backup services for the systems they administer, or they must work with Office of Information Technology administrators to add their system to a larger university backup structure. System administrators will describe the data restore services, if any, offered to the users. A written document given to users or messages posted on the computer system itself shall be considered adequate notice.
c. System integrity:
Systems administrators are responsible for maintaining all aspects of system integrity, including obtaining releases and fixes that assure the currency of operating system upgrades, installation of patches, managing releases, installation of anti-virus software, updates of virus definitions, and the closure of services and ports that are not needed for the effective operation of the system. Prompt renewal of vendor hardware and software agreements is required. Absence of a vendor support contract does not mean that the Office of Information Technology is able to repair and restore systems without prior agreement or notice. Systems administrators must make every effort to remain familiar with the changing security technology that relates to their system and continually analyze technical vulnerabilities and their resulting security implications.
g. Account integrity:
Systems administrators will manage accounts on a timely basis, providing new accounts and removing old accounts in a prompt manner. Accounts will be disabled and deleted based on the access rules for the environment and in compliance with all licensing. Systems administrators will assure that good passwords are used and that passwords are changed frequently, within the limits of the system environment. System administrators will ensure that accounts can be traced to an individual person (or a group of people in the case of group accounts) and that the accounts have system access that match the authorization of the user. Stored authentication data (e.g., password files, encryption keys, certificates, personal identification numbers, access codes) must be appropriately protected with access controls, encryption, shadowing, etc. - e.g., password files must not be world-readable.
h. Network Consistency:
Systems administrations will implement systems in compliance with the overall company structure for Internet Protocol (IP) addressing, domain services, and directory services, as established by the Office of Information Technology.
i. Removal from the network:
For the purpose of assuring all company network and sub-network users a sound environment, and to meet the company expectations for network services, a system found to be in non-compliance may be removed from the companies network. When immediate disconnection is not necessary, system administrators will still be expected to take prompt action, to diagnose the problem, to stop any ongoing abuse, and to make whatever changes are needed to prevent reoccurrence. Generally this will involve adopting "best practices" for security. This process should preserve any evidence that might be needed to locate the source of the problem and take any legal or disciplinary action that might be appropriate. System administrators may be asked to demonstrate compliance to this document before network services are restored after a documented instance of non-compliance.
A system administrator is responsible for monitoring and executing the application after it is deployed. He is involved in security management, administration of enterprise's computing and networking infrastructure, and proper execution of deployed enterprise application at runtime. He is responsible for configuring the EJB server, so that it can be made available to other network services.
No comments:
Post a Comment