Information Security Standards

SECURITY MONITORING

GENERAL

Security Monitoring is a method used to confirm that the security practices and controls in place are being adhered to and are effective. Monitoring consists of activities such as the review of user account logs, application logs, data backup and recovery logs, and automated intrusion detection system logs. The purpose of security monitoring is to ensure that information resource security controls are in place, are effective, and are not being bypassed. One of the benefits of security monitoring is the early identification of wrongdoing or new security vulnerabilities.

APPLICABILITY

This procedure applies to all University information resources. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with Security Monitoring. The intended audience for this procedure includes, but is not limited to, all information resources data/owners, management personnel, and system administrators.

PROCEDURES

1. Security monitoring of information resources shall be implemented based on documented risk management decisions by the resource information owner(s). Mission critical or confidential information resource systems shall, at a minimum, enable operating system logging features. Automated tools shall be used where deemed beneficial by the resource owner based on risk management decisions.

a. Non-mission critical and non-confidential information resource systems may enable operating system logging features and other security monitoring features.

b. Network security monitoring will be conducted by Information Technology. Any other monitoring shall be coordinated with Information Technology.

c. Logs and other data generated by security monitoring shall be reviewed periodically.

2. Where feasible, a security baseline shall be developed for determining controls and access to information resources by conducting an annual security risk assessment using the ISAAC tool.

3. Any significant security issues discovered and all signs of unauthorized activity shall be reported using the procedures detailed in University Information Security Standard Administrative Procedure, Incident Management.

RELATED STATUTES, POLICIES, AND REQUIREMENTS

University Information Security Standard Administrative Procedure, Incident Management

HISTORY

Last Updated March 31, 2014
