UC Berkeley security policy mandates compliance with the Minimum Security Standard for Electronic Information (MSSEI) for devices handling covered data. The recommendations below are provided as optional guidance for meeting the covered system registration requirement.
Requirement
Resource Proprietors, in conjunction with Resource Custodians, must register all protected Core System and Sys Admin devices in the campus data registry system.
Description of Risk
Attackers can discover and compromise protected data on devices not authorized to store, process, or transmit such data. If data on a device is not correctly registered, it will not receive sufficient security monitoring and appropriate prioritization of response to vulnerabilities and compromises.
Recommendations
Registration of protected devices requires a two-step process to create appropriate entries in two campus data registry applications:
- Register Data in Socreg (formerly known as NetReg)
- Security Contact
Protected Data Management
Resource proprietors and custodians should register devices in Socreg that are used to store, process and transmit sensitive data as protected in MSSEI. Information entered in Socreg should follow the guidelines below:
- The email address is current and actively monitored for security-related communication
- Data elements are accurately and completely documented
- IP address(es) and device (host) names for protected devices are accurate and complete
- If the device is using a dynamically allocated IP address (DHCP), please ensure the device is registered in the campus DHCP service
- Use the text fields after Machine Type and Operating System to note the version number. For example:
  - Machine Type: Local Database Server.
  - Operating System: Windows.
By registering in Socreg, protected devices are entitled to the following security services:
- More frequent scanning -- network vulnerability scans for Socreg registered devices occur nightly
- A greater range of intrusion detection signatures are reviewed with notifications sent to the security contact
- Elevated responses to alerts -- the Information Security Office (ISO) staff are alerted immediately and will attempt to reach an administrator as soon as possible
- Longer retention of network data for future analysis if a breach is confirmed -- this can help to confirm if a hacker was able to access the protected data during the breach incident
Security Contact
In addition to Socreg, ISO refers to a database of IP addresses and associated contact information when it needs to notify contact persons of any security issues regarding a computer under their responsibility. To implement this procedure, each department needs to appoint and enter a primary security contact and one or more backup contacts into the Security Contact application. (See Updating a Department's Security Contact Email Address) The following guidelines provide additional details on the requirements of the Security Contacts registration:
- Accurate IP address range(s) are essential to a timely and effective response to future security incidents.
- All security contacts for a given department should be reachable through a single email address (e.g., security@me.berkeley.edu).
- There should be at least one email address with an encryption key for exchanging secure messages with central campus security personnel. The email address for secure communication can be a personal email address of departmental security personnel.
- Security contacts must respond to security incident reports from central campus security staff and pass them on to responsible departmental or third party support personnel as appropriate.
- Security contacts need to have some familiarity with the computers in their department and be able to determine who a responsible technical person is; it is not necessary for the contact to have extensive security expertise.
- Groups of departments may agree to share contacts for efficiency.
Security contacts are responsible for ensuring that appropriate personnel take action in response to each security incident (including escalating the incident to an appropriate departmental authority if action is not taken) and that resolution of each incident is reported to security@berkeley.edu.
For detailed instructions on how to set up Security Contact profiles, please refer to procedures to set up Security Contact profiles.
Additional Resources
- Updating a Department's Security Contact Email Address: http://security.berkeley.edu/contacts.html#update