Critical System Identification & Availability
Identifying critical systems for availability on the network is an important part of the University's ongoing risk management and compliance obligations. It is important that system and data owners identify critical systems to University Information Security (UIS) for incident response purposes.
For this purpose, a critical system for availability meets one of the following criteria:
- Multi-user system identified as High or Medium Security Level
- Single-user system identified as High Security Level
- Network infrastructure
How to identify these systems to University Information Security:
- Include the IP addresses for critical systems in your "Critical" systems asset group in Qualys vulnerability scanning system. See Asset Groups section.
- OR send the following information (including changes to this information) to email@example.com:
- IP address(es)
- Type of system(s) and how the system(s) is used
- College or administrative unit name
- Primary and secondary IT contact information (name, email address, office phone, cell phone)
- Documentation supporting why the IP addresses can not be vulnerability scan
Learn more about classifying University data and Identifying Security Level in the University Data Security Classification Policy.
Learn more about Qualys Technical Vulnerability Scanning.
Questions, send e-mail to firstname.lastname@example.org