Recommendations geared towards Chemistry research groups. ChemIT's role is to promote, not require or enforce, these best practices.
Activities to help promote this best practice
Done
- Posted announcement of list to our News blog, and included in future update email to all CCB folks.
Ideas for next steps
- Ensure ChemIT has the resources to promote this (or, can we afford not to?).
- Propose formally to CCB's Tech Cmt for feedback and support.
High-level context for a Research group IT Risk assessment
- Similar to CIT Security office Security Assessment and disaster recovery
- Offer to do this
- Enable Computing Rep to do this
- Just inform, assess, not enforce anything
Benefits
- Cost (what do we mean by this?)
- Image (what do we mean by this?)
- Prevent loss of science
- Pre-audit – be in compliance when audit happens
What would be included?
- Physical access to systems, data
- Accounts management
- Backup
- Data recoverability
- Intrusion detection
- Critical operations
- Emergency preparedness
- Machines
- Inventory
- Individual assessment
- Age / potential for failure
- Applications and os updates
- Virus likelihood
- Clusters
- Accounts management
- Remote access / ports
- Failure recovery
- Backup & Archive
- Network / remote access
- 3rd party issues --access, recovery, restriction, location / country of storage
- Personal machine risks
- Infections spread to CU Machines
- Wipe out CU Data
- Users steal data