Critical IT Infrastructure

IT Resources are also considered Critical IT Infrastructure if they meet certain criteria listed below. These are particularly important systems that, if compromised, would result in the compromise of multiple other resources, and they may require special protections that go beyond A4 and P4 controls.

    1. IT Resources that manage unrelated sets of Institutional Information or sets of large or particularly sensitive Institutional Information.
    2. IT Resources that meet two conditions: a) Several information systems rely on the resource such that a security issue with the resource would affect multiple systems. b) The default or standard method for securing the system is inappropriate due to an elevated level of risk, complexity, or the specialized nature of the IT Resource.

Examples:

    • Active Directory, which maintains information about users, permissions, and other security-related attributes.
    • Single sign-on (SSO) authentication and enterprise authorization services.
    • Encryption key management system protecting keys for many systems.
    • Domain Name System (DNS).
    • Networking equipment (wired and wireless) that provides access to P4 information.
    • Firewall protecting databases with P4 information.
    • Single departmental server performing a combination of many critical functions.
    • Virtualization hypervisor managing various guest VMs.
    • Network storage used by a variety of IT resources.
    • Cloud IaaS hosting a variety of IT resources.