This Practice Directive defines the baseline configuration standards for all servers owned by San Francisco State University. Effective implementation of this Practice Directive will minimize the risk of server vulnerabilities that can result in system unavailability, data corruption, unauthorized access, information and resource misuse and service disruption.
SF State Practice Directive on Reporting an IT (Computing or Information) Security Incident or Vulnerability at San Francisco State University
The following outlines the types of common information security incidents and where they should be reported. It is also the process for reporting significant, unmitigated or zero-day vulnerabilities that present the potential for large scale data loss or operational disruption.
This Practice Directive defines requirements for patch management on all San Francisco State University owned information technology systems, network resources (such as switches, routers and firewalls) and applications.
All SF State-owned information technology systems, network resources (such as switches, routers and firewalls) and applications will have a management-appointed person or persons (formally identified) responsible for maintenance of operating systems, security software and applications.
All users (faculty, staff and students) using the university network must follow University-defined processes and use University-managed network devices and wireless access points. All changes to the campus network services are made by Information Technology Services (ITS).
This Business Practice Directive defines service offering, policies, requirements and provisions governing the use of Faculty and Staff E-mail Services provided by San Francisco State University. SF State supports one enterprise e-mail system providing all faculty and staff with an @sfsu.edu e-mail account for official University communication.
Faculty and Staff (employees) as defined by Human Resources are eligible for Faculty and Staff E-mail Services.
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the internet. The DNS translates meaningful domain names to the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices world-wide.
SF State has implemented this Practice Directive because: