Centralized System Administration and Security Management in a Decentralized Computing Environment

This session illustrates two methods for centrally managing security events, beginning with malicious events or with vulnerability data. First, UGA has implemented a central SIEM, which greatly enhances the ability to monitor IT-related security events from various security devices (firewalls, authentication servers, etc.) that the individual devices might have overlooked. InfoSec grants departments access to view events for their networks in exchange for them logging security events to the SIEM. Second, UNC Chapel Hill created an approach whereby servers that contain sensitive information are scanned for vulnerabilities on a monthly cycle. A system administrator must then remediate the vulnerabilities before the end of the scanning cycle. If the vulnerabilities cannot be properly addressed within 90 days, a unit must outsource sysadmin functions to a qualified entity.