System Administrators' Responsibilities

As custodians of services and systems that support the university's mission, System Administrators play a critical role in ensuring that these resources remain secure, reliable, and resilient. The protection of confidential data—ranging from academic records and research data to personal information—relies heavily on your diligence.

This guide is designed to outline your specific responsibilities and the best practices you should implement to fortify your systems against potential threats. By proactively managing risks, ensuring compliance with regulations, and fostering a culture of security within your teams, you help safeguard our academic community and uphold the trust that Community Members place in our systems.

  1. Classify system and data risk properly.
  2. Apply and maintain Minimum Standards appropriate to the risk classification.
  3. Provide security incident response assistance.

Researchers should visit the OVPR’s Research Data Management site for additional policy considerations.

1. Classify system and data risk appropriately.

Apply the University schema to evaluate risks associated with IT systems/services and data, with an emphasis on confidentiality, integrity, and availability. For cloud services, understand the "Shared Responsibility Model", which outlines which party is responsible for security.

Requirements: 

  • Accurately classify systems and data following the guidelines provided in "University Risk Classifications", including data privacy and system availability considerations.
  • Engage the Information Security and Data Privacy team or local security personnel if assistance is required.

2. Apply and maintain Minimum Standards appropriate to the risk classification. 

Configure systems/services according to University standards. Periodically evaluate compliance and performance, making adjustments when necessary. Maintain documentation of all practices and procedures.

Requirements:

  • Ensure systems meet the relevant university "Minimum Standards" based on the designated risk classification.

 

3. Provide security incident response assistance.

Notify the Information Security and Data Privacy office if you suspect a security-related issue. Develop and follow incident response plans. Coordinate with teams to resolve issues swiftly and communicate with stakeholders. Analyze incidents post-resolution to improve future responses and update plans accordingly.

Requirements:

  • Assist in managing security incidents as per the methodology outlined in the "Incident Response Plan."