When you deploy, manage or operate a web presence, it's essential to follow these best practices to secure your environment and prevent incidents for which your department or faculty could be held liable.
- Patch and upgrade operating systems and applications regularly so that they are up to date with vendor security updates. For critical exploits, apply security patches or workarounds immediately, following the vendor's security alert subscriptions or announcements.
- Configure operating systems and applications according to best practices provided by the vendor(s), including but not limited to:
  - changing default passwords and managing passwords according to the ITS Standard for and
  - disabling accounts, services and applications that are not needed & decommissioning unused servers
  - managing accounts following the principle of least privilege and the ITS Standard for
  - restricting access and data to authorized parties only
- Implement web authentication and encryption technologies according to ITS Standards for and
- Back up content, application configurations and operating systems regularly following the ITS Standard for
- Set up and monitor access log files properly to enable incident investigation according to the ITS Standard for and
- Define change control processes to ensure all changes are justified, documented and tracked
- Follow as applicable, such as for
Contact
- For any questions about the above guidelines, contact the IT Service Desk on the to reach the IT Security team for consultation
- For web applications and services hosted outside of the university,
  - follow the Cloud service acquisition process and Policy on the Responsible Use of the university's Information Technology Resources
  - indicate on the homepage that the website is not hosted by the university
- For the university-supported Web Management System (WMS), see the Web Services Contact us page
Tools
- IT Services will launch a pilot for the vulnerability management and scan services in 2020. If you are interested in being part of the pilot, please contact IT Security on the