Information Security

System Security Worksheet

All campus servers must have a completed System Security Worksheet (SSW).  The SSW is a living document of the security posture of campus systems.  SSW documents key security procedures, events and configuration of the server as well as the applications and database hosted on it.

General Process

  • System Administrator drafts SSW
  • ISEC meeting with each administrator
  • ISEC draft network diagram
  • ISEC final meeting to review SSW
  • System Administrator maintains SSW/change log
  • ISEC annual review

Events that trigger a new or updated SSW

Trigger EventsSystem Administrator Action
New server purchase or repurposeStart drafting SSW and contact ISEC to setup a review meeting.
Addition/modification/deletion of host firewall on system with SSWReview new rule set and minimize to only IP/Ports required to meet business needs.  Evaluate new rules for risk and recommend/implement controls to mitigate.  Forward proposed new rule set to ISEC for approval.
Response change on SSW question or areaUpdate the SSW or document in a change log.  Contact ISEC with updated information.
Decommission serverUpdate the SSW and note decommissioned, by whom, and date.

For more information...

Contact the Information Security Office at ISEC@csuchico.edu