Section 4.6.5 Security Audits of MurdochNet Servers & Affiliated Web Servers
It is recommended that Central MurdochNet Servers should be
audited at appropriate intervals to ensure that the security set up of
operating system and Web Server software meets the Security Guidelines for Computers
Used to Run Web Servers.
MurdochNet Servers
and Affiliated Web Servers that have been authorised to perform the role of
Internet Content Host shall be audited for security if they are using IP addresses
outside an Internet Accessible Subnet (IAS).
A security audit
shall be carried out at appropriate intervals to review the security set up of
operating system and Web Server software to ensure that it meets the Security
Guidelines for Computers Used to Run Web Servers.
Security audits shall be shall be conducted in consultation with either the Web Administrator
responsible for the Server, or the person responsible for IT management in the
organisation unit or resource area that runs the Server.
Security audits
shall be undertaken by the authorised nominee of the Director of the
Office of Information Technology Services (eg. the IT Security Manager), or by
an external agency appointed by either the Director of the Office of
Information Technology Services, or Internal Audit and Risk
Management, should a situation arise that requires it.
In cases where the security audit establishes security
violations have occurred on a computer that runs a Web Server, the University’s
IT Security Manager shall take appropriate steps as required by the
University’s IT Security Policy.
|
