Procedures
-
Access Control Management
Use processes and tools to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software.
-
Account Management
Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.
-
Application Access Controls
Access control security standards for applications
-
Application Backups
Backup procedures for applications that run on Linux, macOS, and Windows systems.
-
Application Centralized Logging
The IT Security Office requires remote, centralized logging for all medium and high risk applications.
-
Application Data Security Controls
Data security control techniques include encryption, masking, and erasure.
-
Application Developer Training
All developers of medium and high risk applications are required to stay up-to-date on the latest security trends by taking a security awareness training at least once per year.
-
Application Firewall
Guide on how to allow applications through the firewall and the risks involved in doing so.
-
Application Inventory
Keeping an accurate, up-to-date application inventory list allows you, your department, and the IT Security Office to collaborate and quickly respond to security incidents.
-
Application Patching
Patching is the process of supplying and applying patches to software.
-
Application Secure Software Development
Application developers must run security tests to find problem areas in the application code and know the best practices for secure web development.
-
Application Security Review
All Virginia Tech applications should properly implement data security policies and standards to ensure integrity and authenticity.
-
Application Software Security
Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.
-
Application Two Factor Authentication
Virginia Tech uses Duo 2-factor authentication as a part of its Single Sign-On service.
-
Application Vulnerability Management
Requesting a Web Application Scan, a Vulnerability Scan, or an Application Review, and Reporting an Incident.
-
Audit Log Management
Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.
-
Building Private Network
Steps showing how to migrate an Ethernet portal to the building private network.
-
Continuous Vulnerability Management
Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise’s infrastructure, in order to remediate, and minimize, the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information.
-
Data Protection
Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
-
Data Recovery
Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.
-
Email and Web Browser Protections
Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement.
-
Endpoint Backups
Backup procedures for Linux, macOS, and Windows clients to securely back up Virginia Tech endpoint systems.
-
Endpoint Centralized Logging
The IT Security Office requires remote, centralized logging for all high risk endpoints.
-
Endpoint Configuration Management
Configuration management is a process for maintaining computer systems, servers, and software in a desired state.
-
Endpoint Credentials and Access Control
Endpoint devices can be secured by having strong security practices, such as enabling 2-factor authentication and keeping separate, secure passwords for endpoint account access.
-
Endpoint Data Security Controls
The use of data security controls ensures only those who are permitted access to a specific piece of data are able to access it. Data security control techniques include encryption, masking, and erasure.
-
Endpoint Encryption
Endpoint encryption use cases: file encryption, disk encryption, and data-in-transit encryption.
-
Endpoint Equipment Disposal
Endpoint device hard drives should be wiped before disposal. This procedure covers how to wipe each physical hard drive.
-
Endpoint Firewall
Steps to verify that the host-based firewall is enabled for your operating system, to ensure maximum security on every network.
-
Endpoint Inventory
Keeping an accurate, up-to-date endpoint inventory allows you, your department, and the IT Security Office to collaborate and quickly respond to security incidents.
-
Endpoint Malware Protection
Using strong malware protection is important in keeping your device secure from vulnerabilities and attacks. This guide will outline ways to ensure your device has malware protection.
-
Endpoint Patching
Patching is the process of applying updates to software. These updates correct security, reliability and usability issues. Patches may be applied to the operating system (OS), system software (such as database engines), and application software such as office productivity suites and web browsers.
-
Incident Response Management
Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.
-
Inventory and Control of Enterprise Assets
Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.
-
Inventory and Control of Software Assets
Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
-
ITSO Approved Cryptographic Algorithms
If the data you are protecting is not required to use NIST-approved algorithms, you may also use these ITSO-approved algorithms.
-
Linux Systems Hardening
Resources for hardening Linux systems that we in the ITSO find useful.
-
Malware Defenses
Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.
-
Network Infrastructure Management
Establish, implement, and actively manage (track, report, correct) network devices, in order to prevent attackers from exploiting vulnerable network services and access points.
-
Network Monitoring and Defense
Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base.
-
Penetration Testing
Test the effectiveness and resiliency of enterprise assets by identifying and exploiting weaknesses in controls (people, processes, and technology) and simulating the objectives and actions of an attacker.
-
Secure Configuration of Enterprise Assets and Software
Establish and maintain the secure configuration of enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/IoT devices; and servers) and software (operating systems and applications).
-
Security Awareness and Skills Training
Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cyber security risks to the enterprise.
-
Server Backups
Backup procedures for Linux and Windows servers that you may use to securely back up Virginia Tech server systems.
-
Server Centralized Logging
During an IT security incident, logs help determine what happened and when. Attackers often delete or modify local logs, so the IT Security Office requires remote, centralized logging for all medium and high risk servers.
-
Server Credentials and Access Control
Servers can be targets for hackers; therefore, it is important to have strong protection against these threats. Common strategies for combating malicious threats include creating strong passwords and enabling 2-factor authentication for account access.
-
Server Data Security Controls
The use of data security controls ensures only those who are permitted access to a specific piece of data are able to access it. Data security control techniques include encryption, masking and erasure.
-
Server Equipment Disposal
This procedure covers how to wipe each physical hard drive. Before following this procedure, you must know how many hard drives are in the server.
-
Server Firewall
A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between the host and the network.
-
Server Intrusion Detection
Virginia Tech’s IT Security Office runs a network intrusion detection system 24/7 that can help protect your computer. However, it is important to run intrusion detection systems locally to provide an extra layer of defense.
-
Server Inventory
Keeping an accurate, up-to-date server inventory allows you, your department, and the IT Security Office to collaborate and quickly respond to security incidents.
-
Server Malware Protection
Having strong malware protection on your server is an important part of keeping not only the server safe, but also the other computers that may be using that server. The Virginia Tech minimum security standards require that some form of security monitoring tool be used.
-
Server Patching
You should apply critical and high severity security patches within seven days of their release and all other security patches within 90 days. Key factors for server patching are downtime, duration, and frequency.
-
Server Physical Protection
Server physical security should be achieved through a multilayered approach, targeting safety, security, and maintenance.
-
Server Security Review
Security reviews provide a thorough overview of the current state of an application, server, or endpoint device and its security.
-
Server sysadmin Training
Virginia Tech requires system administrators (sysadmins) to attend a security training course once per year to ensure they have a basic understanding of best practices for security at Virginia Tech.
-
Server Two Factor Authentication
Virginia Tech uses Duo 2-factor authentication as a part of its Single Sign-On service. This enables users to authenticate their login attempts by either providing a code or verifying a “push” notification via the Duo mobile app.
-
Server Vulnerability Management
Virginia Tech departments may request a vulnerability scan of a commercial or homegrown application. The Virginia Tech IT Security Office is responsible for conducting security reviews, which can be requested through 4Help. If you believe a server, application, or account has been hacked, you may report the incident in 4Help.
-
Service Provider Management
Develop a process to evaluate service providers who hold sensitive data, or are responsible for an enterprise’s critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.