University Audit







RISKS and CONTROLS



Systems


Examples of controls to reduce the risks of data loss, unauthorized access, and unavailable systems:

  • Security of Mobile Computing, Data Storage, and Communication Devises, UCF Policy 4-007, and Data Classification and Protection, UCF Policy 4-008.


  • Access to sensitive and critical data is limited through user identifications and passwords.  Each user is assigned an appropriate access level.


  • User access is terminated when the employee leaves.


  • Passwords are not shared.


  • The system limits the number of unsuccessful password attempts.


  • Servers are protected from unauthorized physical access and environmental damage (fire, water, etc.).


  • Critical data is backed up daily, with backup stored off-site.


  • Servers are connected to an uninterruptible power supply system.


  • Each computer has up-to-date virus protection software.


  • Operating systems are updated for current security patches and applications are configured for security.   System administrator access is limited to a few persons.


  • The unit has developed and tested a continuity plan in the event of disaster or computer failure.  The plan includes a complete inventory of equipment and software, as well as detailed instructions for recovery.




Report a suspected data security breach to Chris Vakhordjian, Information Security Officer, at 407-823-3863 or chrisv@ucf.edu.




Click on the links below for examples of controls to mitigate risk:



Return to overview of Risks and Controls