Security Monitoring is a method used to confirm that the security practices and controls in place are being adhered to and are effective. Monitoring consists of activities such as the review of: user account logs, application logs, data backup and recovery logs, automated intrusion detection system logs, etc.
The purpose of security monitoring is to ensure that information resource security controls are in place, are effective, and are not being bypassed. One of the benefits of security monitoring is the early identification of wrongdoing or new security vulnerabilities.
This procedure applies to all University information resources. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with Security Monitoring. The intended audience for this procedure includes, but is not limited to, all information resources data/owners, management personnel, and system administrators.
Confidential Information: information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g., the Texas Public Information Act.
Information Resources (IR): the procedures, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.
Mission Critical Information: information that is defined by the University or information resource owner to be essential to the continued performance of the mission of the university or department. Unavailability of such information would result in more than an inconvenience. An event causing the unavailability of mission critical information would result in consequences such as significant financial loss, institutional embarrassment, and failure to comply with regulations or legal obligations, or closure of the University or department.
Owner of Information Resources: an entity responsible for:
a business function (Department Head)
determining controls and access to information resources.
1. Security monitoring of information resources shall be implemented based on risk management decisions by the resource information owner(s).
a.Mission critical or confidential information resource systems shall, at a minimum, enable operating system logging features. Automated tools shall be used where deemed beneficial by the resource owner based on risk management decisions.
2.Non mission critical and non confidential information resource systems may enable operating system logging features and other security monitoring features.
3.Network security monitoring will be conducted by Information Technology Services. Any other monitoring shall be coordinated with Information Technology Services, at 936-261-9300.
4.Logs and other data generated by security monitoring shall be reviewed periodically.
5.Where feasible, a security baseline shall be developed for determining controls and access to information resources by conducting an annual security risk assessment using the ISAACS tool.
6.Any significant security issues discovered and all signs of unauthorized activity shall be reported using the procedures detailed in the Incident Management procedure.
2003-2009 PRAIRIE VIEW A & M UNIVERSITY - ALL RIGHTS RESERVED
P.O. Box 519 - Prairie View, Texas - 77446-0519
FM 1098 Rd & University Dr, Prairie View, TX 77446
University Operator: (936) 261-3311
Best viewed with IE 7.x+ or FireFox 3.x+