The beginning of the ISAAC risk assessment process coincides with the annual updating of various documents associated with the Server Management Program effort. If you or your departmental staff run server systems, those responsible should be aware of the process for updating the relevant content in the AgriLife SMP application: https://agrilife-smp.tamu.edu/index.php
Content that requires annual updates includes: Account Management process; Backup/Data Restoration and Recovery; Change Management; and Disaster Recovery.
Additionally, the following items are to be provided to the AgriLife ISO annually on Sept 1:
- a copy of the scan results (and remediation efforts) for Scanning of Confidential Information on server systems;
- a copy of the audit log detailing account activity log review;
- an update to the Physical Access log for the previous quarter;
- Risk Assessment (to be uploaded by Dec 8, 2015);
- a copy of the patch/update installation from the Change Management log (with dates and times actions were performed);
- a copy of the updated security monitoring process document and relevant systems;
- a copy of the security monitoring log for the previous quarter;
- a copy of the vulnerability scan for all relevant server systems;
- an updated document identifying remediation efforts for vulnerabilities for the previous quarter.
If you or your IT staff need to review the Server Management Program information, it is available at http://agrilifecdn.tamu.edu/it/files/2012/07/ServerManagement-Program-Guide.pdf