System Security Worksheet

All campus servers must have a completed System Security Worksheet (SSW).  The SSW is a living document of the security posture of campus systems.  SSW documents key security procedures, events and configuration of the server as well as the applications and database hosted on it.

General Process

  • System Administrator drafts SSW
  • ISEC meeting with each administrator
  • ISEC draft network diagram
  • ISEC final meeting to review SSW
  • System Administrator maintains SSW/change log
  • ISEC annual review

System/Server Security Worksheet (Word)

Events that trigger a new or updated SSW

Trigger Events System Administrator Action
New server purchase or repurpose Start drafting SSW and contact ISEC to setup a review meeting.
Addition/modification/deletion of host firewall on system with SSW Review new rule set and minimize to only IP/Ports required to meet business needs.  Evaluate new rules for risk and recommend/implement controls to mitigate.  Forward proposed new rule set to ISEC for approval.
Response change on SSW question or area Update the SSW or document in a change log.  Contact ISEC with updated information.
Decommission server Update the SSW and note decommissioned, by whom, and date.

For more information...

Contact the Information Security Office at ISEC@csuchico.edu