Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

MyEd - University of Edinburgh

advertisement 
Use of MyEd
Code of Practice
Introduction
This code of practice is intended to support the Information Security Policy of the
University and should be read in conjunction with this document.
http://www.ed.ac.uk/schools-departments/information-services/about/policiesandregulations/security-policies/security-policy
This code of practice is also qualified by The University of Edinburgh computing
regulations, found at:
http://www.ed.ac.uk/schools-departments/information-services/about/policies-andregulations
1.
Revision Date
Code of Practice Version
14/09/2012
20/09/2012
CoP
Version
1.0
1.1
Template
Version
1.4
1.4
QA Date
QA Process
Notes
29/09/2012
Reviewed internally by IS
Applications Service
Management staff.
Martin Morrey and Stuart McFarlane
14/11/12
Accepted by IT Security
WP
Suggested date for Revision of the CoP
20/09/2013
Authors
Notes
Paul Johnson
Paul Johnson
Creator
Creator
Author
Paul Johnson
MyEd Code of Practice, based on CoP Template, Version 1.4 20 Jun 2011
1
2.
Revision Date
20/09/2012
System description
System
Version
uPortal
3.2.4
Author
Notes
Paul Johnson
Upgrade to uPortal system due on 29th
October 2012, from version 2.5.3
2.1
System name
MyEd Portal
2.2
Description of
system
MyEd is the University of Edinburgh's web portal. It is a single
sign-on gateway to key web-based services provided to
applicants, students, staff and alumni.
2.3
Data
Stored data
• IDM-sourced user properties
• Bookmarks
• Announcements
• Log-in data
Enables selective access to other data sources via custom
“channels”, including:
• EUCLID
• HR
• EMAIL
• Finance
• Alumni Directory
2.4
Components
2.5
System owner
2.6
User base
2.7
Criticality
Apache Tomcat Server
uPortal JAVA application
Oracle Database
IS Apps Service Management, Web Integration Team for service
level ownership.
IS Apps Production Management for application and platform
level ownership.
• system administrators
• EASE-authenticated users (staff, students, alumni,
visitors)
High
MyEd Code of Practice, based on CoP Template, Version 1.4 20 Jun 2011
2
2.8
Disaster recovery The MyEd service, database and application are backed up
status
daily. The system runs in two server clusters, one at Appleton
Tower, on at Kings Buidlings, so a back-up cluster of servers is
always available in the event of a site outage.
Documentation is available on Wiki service pages of the InSite
Wiki
https://www.wiki.ed.ac.uk/display/insite/MyEd
MyEd Code of Practice, based on CoP Template, Version 1.4 20 Jun 2011
3
3.
3.1
User responsibilities
Data
System administrators have the ability to swap identities to view
the layout, features and personal details of any other user. They
have a responsibility to maintain the security and privacy of user
information, under the terms of the standard non-disclosure
agreement for support staff.
EASE-authenticated users are responsible for their own
personal data, such as Bookmarks, and for maintaining the
security of their accounts, in accordance with the University’s
computing regulations.
3.2
Usernames and
passwords
3.3
Physical security Physical servers are located in data-centres at Appleton Tower
and Kings Buildings, which are maintained and secured by IS IT
Infrastructure Division (ITI)
Remote/mobile
The MyEd Portal service is available off-site. As with all
working
University systems, users are responsible for their login
credentials and ensuring that they do not leave themselves
logged in when leaving the device unattended.
Downloads and All data stored on the portal is available off-site. It is the joint
removal of data responsibility of the individual user and content owner to ensure
from premises
that any sensitive data not downloaded left available on a device
on or off-site.
Authorisation and University users are assigned to specific PAGS (Personal
access control
Attribute Groups), based on IDM properties. Membership of
these PAGS determines which “channels” users are shown by
default. Permissions relating to content of specific channels are
managed by the owners of the services to which the channels
relate. System administrator rights are controlled by the service
owners.
Competencies
Users need basic competency in using a secure (EASE)
password and web log-in.
3.4
3.5
3.6
3.7
The services uses the University’s central, CoSign based single
authentication service, EASE. The service determines policies
and responsibilities surrounding passwords.
Administrators require knowledge of uPortal PAGS (Personal
Attribute Groups) and the DLM (Distributed Layout
Management) system.
MyEd Code of Practice, based on CoP Template, Version 1.4 20 Jun 2011
4
4.
4.1
System Owner Responsibilities
Competencies
4.2
Operations
4.3
System
documentation
4.4
Segregation of
Duties
Service owners require knowledge of uPortal PAGS (Personal
Attribute Groups) and the DLM (Distributed Layout
Management) system, including: university customisations of
PAGS and the DLM system.
Production Management require knowledge of Apache Tomcat
application server and Oracle database.
Details of standard procedures and technical support
procedures are available on insite, at:
https://www.wiki.ed.ac.uk/display/insite/MyEd
System documentation for the portal service can be found on
insite, the IS wiki at:
https://www.wiki.ed.ac.uk/display/insite/MyEd
The service owners, IS Apps Service Management, Web
Integration Team are responsible for service documentation.
Guest – Unauthorised users, who have an EASE account, but
who are not a member of authorised groups, do not see any
content in MyEd
Users – Authorised users are assigned to specific PAGS
(Personal Attribute Groups), based on IDM properties.
Membership of these PAGS determines which “channels” users
are shown by default. These groups include students, staff,
alumni, staff-visitors, student-visitors
4.5
4.6
4.7
Administrators – Members of an administrators group, which is
managed from within the MyEd system by the service owner.
Security incidents Security incidents are handled through the central incident
management system making use of the priority model for
escalation.
Fault/problem
Faults or problems are reported through the central incident
reporting
management system. Small-scale incidents can deal dealt with
through the incident management process. Larger-scale or
longer-term problems are dealt with through problem
management.
Systems
Service owner identifies and prioritise development
development
requirements, for implementation by development teams in
formally managed projects.
MyEd Code of Practice, based on CoP Template, Version 1.4 20 Jun 2011
5
5.
System Management
5.1
User account
management
5.2
Access control
5.3
5.4
Staff and Student user accounts in the portal service are
imported from the University’s central Identity Management
System (IDM). Accounts are then removed following the IDM
standard account aging policy.
University users are assigned to specific PAGS (Personal
Attribute Groups) that by default allow access to appropriate
content from within the portal. Permissions relating to specific
content are managed by the service owners. System
administrator rights are controlled by the service owners.
Access monitoring User log-ins are recorded in a database and monitored daily.
Overall system usage will be monitored through Google
Analytics.
Change control
An internal change control system is used to track changes to
the system.
Details of the change control procedure for all University
systems are available at:
https://www.wiki.ed.ac.uk/display/insite/Change+Control+Proced
ure
5.5
Systems clock
synchronisation
5.6
Network
management
5.7
Business
continuity
User customisations are tracked by the portal product itself.
Users have the ability to reset customisation to the default
configuration for their user type..
Automatic clock synchronisation is in place across University
systems. Clocks are synchronised to a central service managed
by the ITI Architecture team
The system is publically available. There are no special network
configurations required to access the portal service.
The MyEd service, database and application are backed up
daily. The system runs in two server clusters, one at Appleton
Tower, on at Kings Buidlings, so a back-up cluster of servers is
always available in the event of a site outage.
Documentation is available on Wiki service pages of the InSite
Wiki
5.8
Security Control
https://www.wiki.ed.ac.uk/display/insite/MyEd
No additional security measures are in place.
MyEd Code of Practice, based on CoP Template, Version 1.4 20 Jun 2011
6
6.
Third Party
6.1
Outsourcing
The security of the portal application itself is the responsibility of
JASIG consortium, www.jasig.org
6.2
Contracts and
Agreements
6.3
Compliance with
the university
security policy
We have an on-demand, fixed-time support contract with
Unicon, a commercial provider of uPortal support,
http://www.unicon.net/services/uportal/support
Not applicable, because supplier does not have data access.
6.4
Personal data
No personal data is disclosed to third parties.
MyEd Code of Practice, based on CoP Template, Version 1.4 20 Jun 2011
7
Related documents
PATH_channel_deployment
PATH_channel_deployment
New student IT checklist 2014-2015
New student IT checklist 2014-2015
Making the most of IT - University of Edinburgh
Making the most of IT - University of Edinburgh
ProjectProposal_Mobile-Information-Solution
ProjectProposal_Mobile-Information-Solution
Using MyEd for the first time
Using MyEd for the first time
Lesson Plan 4 McREL Technology Solutions
Lesson Plan 4 McREL Technology Solutions
Book your place now on MyEd https://www.myed.ed.ac.uk/ Log on
Book your place now on MyEd https://www.myed.ed.ac.uk/ Log on
apassionforscience / Chemistry Wiki Reflection
apassionforscience / Chemistry Wiki Reflection
Project Analysis Form
Project Analysis Form
Download
advertisement