Information System Monitoring (SI-4)

Created August 12, 2016

Description

The purpose of the information system security monitoring policy is to ensure that information resource security controls are in place, effective, and not being bypassed. One of the benefits of security monitoring is the early identification of wrongdoing or new security vulnerabilities.

Security monitoring is a method used to confirm that the security practices and controls in place are being adhered to and are effective. Monitoring consists of activities such as the review of user account logs, application logs, data backup and recovery logs, automated intrusion detection system logs, etc.

Applicability

This Control applies to all university-managed information resources containing mission-critical information, confidential information, and other information resources as may be managed by Texas A&M University.

The purpose of the implementation of this Control is to provide a set of measures that will mitigate information security risks associated with security monitoring. There may be other or additional measures that will provide appropriate mitigation of the risks. The assessment of potential risks and the application of appropriate mitigation measures are to be determined by the information resource owner or their designee.

The intended audience is all individuals who are responsible for the installation of new information resources, the operations of existing information resources, and individuals charged with information resources security.

Implementation

1. Security monitoring of information resources shall be implemented based on risk management decisions by the resource information owner.

1.1 Mission critical or confidential information resource systems shall, at a minimum, enable operating system logging features. Automated tools shall be used where deemed beneficial by the resource owner.

1.2 Non-mission critical and non-confidential information resource systems may enable operating system logging features and other security monitoring features.

1.3 Network security monitoring will be conducted by the Division of IT security team. Any other monitoring shall be coordinated with them. They can be contacted through the IT Help Desk at (979) 845-8300.

1.4 Logs and other data generated by security monitoring shall be reviewed periodically based on risk management decisions by the system administrator.

2. Where feasible, a security baseline shall be developed and automated detection tools shall report exceptions for mission critical and/or confidential information.

3. Any significant security issues discovered and all signs of unauthorized activity shall be reported according to Control IR-6, Incident Reporting.