Introduction

The mission of the UMS security program is to provide access to administrative systems and data stored and operated by UMS, while protecting those resources from unauthorized use, destruction, disclosure, or modification. To fulfill this mission, UMS must continually update its security strategy to make use of new security technologies to secure new kinds of systems and data against new threats. At the same time, it must continue to provide the high-quality security for which it has been known in the mainframe environment. This document states the current direction for development of UMS security for an open systems environment.

Service Level Objective

Requests for new access, change to existing access, or deletion of access will be processed within 48 hours of receipt at UMS if all required information and authorization are correct and complete.

Components of Security

UMS is concerned about nine aspects of security:
UMS assists system and data managers in determining the degree to which each of these services should be provided in light of the cost of the policies, procedures, personnel, and technology needed to provide them.

UMS Computing Environment

The UMS computing environment is very complex, with every indication that the complexity will continue to increase. UMS has to secure a range of platforms from mainframe through mid-range to desktop workstations. Those platforms are used for a variety of services, including online transaction processing; terminal access to data via "third party" tools, some of which use client/server design; access to systems and data on web servers and use of web applications to reach data and systems on other servers; and access via voice response systems. People seek to use those services via networks that include the University's four-campus network, departmental LANs, and the Internet. Many of those networks are not under UMS control and may create risks against which UMS must take reasonable precautions.

Security Direction

UMS is committed to continuing to provide the high level of protection that has historically been achieved for mainframe systems and data on all the platforms for which it is responsible. UMS is especially intent on mitigating the additional exposures that exist in the open systems environment. At the same time, UMS is working to develop a new approach to security that has the following features and characteristics:

Network Level Security Services
Strong Security
Functions in a Heterogeneous Environment
Minimizes User Impact
Manageable
Robust
UMS is currently investigating the use of public key based certificates to provide authentication and LDAP for storage of both certificates and authorization information. Those mechanisms are most mature for controlling access to web applications and data but offer significant promise of controlling other applications and data as well. We will continue to monitor campus security developments and work to interoperate with their mechanisms wherever possible.