Service Name
|
Security Management and Consulting
|
| Description |
This service supports the University's security policies and processes by providing appropriate controls over access to service infrastructure components and protecting services from unauthorized access or use. This service also provides consulting services to ensure departments and systems comply with the University's security requirements.
|
Service Line
|
Security Management
|
| Features |
-
Establishes monitoring and reporting processes for security events and ensures that all recognized events are logged, escalated and reported on.
-
Plans and designs hardware and software solutions used to support security processes and automated enforcement of University security policies.
-
Establishes guidelines for appropriate access control lists, grouping assignments, rights assignments and access profiles.
-
Consults and recommends physical security solutions such as badge creation and maintenance, camera surveillance, physical access management to secure areas and physical authentication such as thumb or retina biometrics access.
-
Establishes appropriate protocol management services such as encryption support, VPN access and secured transmission of data and files.
-
Negotiates and establishes appropriate presence management services such as federated security management and trusted partner support.
-
Plans and allocates resources to support internet firewalls, internet port access and proxies.
-
Consult with University departments on security requirements for application security, security models, application security API interfaces and security validation.
-
Negotiates with 3rd party firms to conduct regular audits and tests for intrusions, vulnerability and security risk exposures.
-
Support external audit efforts as well as validate security compliance with regulatory and industry controls.
-
Provide security consulting services to assist with security design over new and changing services.
-
Works with Technology Training service to ensure appropriate campus community training on information security roles and responsibilities.
|
| Service Administrator (owner) |
Dexter Caldwell |
| VP Customer |
Vice President for Academic
Affairs and Dean |
| Availability |
- Security consulting available during normal work hours M-F 8:30 am to 5:00 pm, except for weekends, holidays, and planned downtime.
- Campus network and systems security is to be operational 24 X 7 X 365. Provisions to maintain security must be made as part of planned maintenance and upgrade processes.
|
| Support |
- Support is provided 8:30 am - 5:00 pm M-F except for campus holidays and shutdowns.
- Trouble calls to IT Service Center 864-294-3277 or email help.desk@furman.edu
- Emergency support outside normal work hours is routed through Public Safety at 864-294-2111.
|
| Initiated |
- Approved work Requests
- Escalated Incidents or Problems from the Service Desk
- Approved operational run procedures
- Security incidents, alarms and alerts
|
| Charges |
None
|
Delivery channels
|
- Complete Work Requests
- Security plans and strategies
- Consulting and Support
|
| Prerequisites |
Adequate power and operating environment for security infrastructure.
|
| Key Service Targets |
- Major Server Vulnerability Rate. (Quarterly Major Server Vulnerabilities/Total Servers Scanned.)
- Total Server Vulnerability Rate. (Total servers with vulnerabilities/Total Servers Scanned.)
- Security Management Process Maturity
- Staff Security Training Rate. (University Faculty/Staff with PII access trained/Total Faculty and Staff.)
- PCI Compliance Rate. (PCI compliant Apps/Total Apps requiring PCI compliance.)
|