Standards, Guidelines & Best Practices

As servers, workstations and personal computers are added to the network, the follow articles should be consulted to help guide

What follows are resources promoted by management as a recommendation. Guidelines are developed by subject matter experts either locally or through external groups, vendors, or a combination. These best practices may develop into standards as they mature.

By following good security practices we can help others in the university community benefit from decreased risk. "Good neighbor" security practices help others for the common good. Technology should be reviewed for conformance to industry and university policies, practices, and guidelines prior to deployment rather than after a problem or incident. Members of the university community can help themselves and others by increasing the visibility and support for security within their department or workgroup.

UC Information Security Plan

Users

1. Information Security in the Workplace
2. Disabling Windows Messenger Service
3. Email Attachments to Filter
4. How To... Avoid Getting Hooked (Avoid Phishing)
5. How To... Avoid Spyware
6. How To... Choose a password
7. How To... Fight Identity Theft
8. How To... Fight Spam
9. How To... Hacker-Proof your Computer
10. How To... Lock Your Computer Account
11. How To... Protect Your Laptop
12. How To... Safely Trade In (Throw Away) Your Cell Phone
13. How To... Sanitize Data or a Full Hard Disk
14. How To... Shop (or conduct other business) online more safely
15. Key Loggers
16. Music, Video and Peer-to-Peer File Sharing
17. Protecting Your Home Computer
18. Protect yourself from security holes in old Java releases
19. 10 Tips for Wireless Users
20. Top Social Security Number Don'ts

Workstation

1. CERT's Guideline: Windows 95/98
2. Computer Compromise Remediation Checklist
3. Email Attachments to Filter
4. Guideline for Securing Windows XP Systems
5. How To...  Sanitize Data or a Full Hard Disk
6. Protect yourself from security holes in old Java releases
7. Remedies for Backdoor Programs
8. Securing your Email Server agianst Spam (Spam Links)
9. Securing your Email Server agianst Spam (Maps)
10. Workstation Protection
11. Windows Workstation Security: Problems, Solutions & Resources

Servers / Systems

1. Securing Microsoft IIS WebServer
2. CERT's Guideline: UNIX Configuration
3. Credit Card Processing
4. Guidelines for Securing Web-based Communications
5. HIPAA Standards and Procedures Checklist
6. How To...  Sanitize Data or a Full Hard Disk
7. Protect yourself from security holes in old Java releases
8. SANS Top 20 Vulnerabilities
9. Securing Linux Systems
10. Securing Microsoft IIS Web Server
11. Task Schedule for IT/InfoSec Administrators
12. The W3 Security FAQ

Programmers

1. Open Web Application Security Project (OWASP) - A worldwide free and open community focused on improving the security of application software. A very worthwhile reference for programmers. - OWASP local Chapter

Resources & References

• Conduct an Information Security Control Self-Assessment
• HIPAA Requirements Checklist (from NACUA)
• Organizations associated with UC that are also using the ZIX appliance
• Server Daily Checklist Example

For more information

Please review the InfoSec Standards Recommended by Governing Bodies