University Audit

Systems

Examples of controls to reduce the risks of data loss, unauthorized access, and unavailable systems:

  • Security of Mobile Computing, Data Storage, and Communication Devises, UCF Policy 4-007, and Data Classification and Protection, UCF Policy 4-008.
  • Access to sensitive and critical data is limited through user identifications and passwords. Each user is assigned an appropriate access level.
  • User access is terminated when the employee leaves.
  • Passwords are not shared.
  • The system limits the number of unsuccessful password attempts.
  • Servers are protected from unauthorized physical access and environmental damage (fire, water, etc.).
  • Critical data is backed up daily, with backup stored off-site.
  • Servers are connected to an uninterruptible power supply system.
  • Each computer has up-to-date virus protection software.
  • Operating systems are updated for current security patches and applications are configured for security. System administrator access is limited to a few persons.
  • The unit has developed and tested a continuity plan in the event of disaster or computer failure. The plan includes a complete inventory of equipment and software, as well as detailed instructions for recovery.