This process includes patching, configuring, logging, monitoring, and maintaining an operating system (in our case Red Hat Enterprise Linux 5.6) in an effort to make the system more secure. This effort is an ongoing process. The system is monitored in numerous ways on a daily, weekly, and monthly basis. We have software and hardware in place for monitoring and prevention of unauthorized intrusions or access, as well as corruption due to virus infection.
Operational The COBRA application is supported both through the helpdesk and system upgrades. The helpdesk is operated Monday through Friday from 7 am until 6 pm and is operational 99% of the time. Servers are on over 95% of the time, and monitored by systems administrators via server messaging incase of malfunctions outside core hours.
Maintenance System upgrades part of an ongoing program. As new methods are discovered, as software improves, as users’ needs change, COBRA is updated. Critical updates and patches are applied within 72 hours. Other non-critical changes or modifications are conducted and completed based on prioritization of tasks.
Backups The Columbia Group’s systems are backed up daily and weekly. These backups are stored both on disk and on tape. Backups stored on disk provide for faster restoration. The backups stored on tape are better for archival purposes.
Data Recovery A Contingency Plan (CP) has been developed for the system that spells out the methods and efforts required to bring the system back on-line in the event of a major system failure. The CP, along with numerous other security checks is tested annually. The security checks include such items as reviewing the software and hardware baseline, user permissions, the incident response plan, backup viability checks, and support contracts. These efforts meet the FISMA requirement for an annual security review.