Description

The purpose of the information system security monitoring policy is to ensure that information resource security controls are in place, effective, and not being bypassed. One of the benefits of security monitoring is the early identification of wrongdoing or new security vulnerabilities. Security monitoring is a method used to confirm that the security practices and controls in place are being adhered to and are effective. Monitoring consists of activities such as the review of user account logs, application logs, data backup and recovery logs, and automated intrusion detection system logs.

Applicability

  • This Control applies to all high and moderate impact university information resources, confidential information, and other information resources as may be managed by Texas A&M University.

  • The purpose of the implementation of this Control is to provide a set of measures that will mitigate information security risks associated with security monitoring. There may be other or additional measures that will provide appropriate mitigation of the risks. The assessment of potential risks and the application of appropriate mitigation measures are to be determined by the information resource owner or their designee.

  • The intended audience is all individuals who are responsible for the installation of new information resources or the operation of existing information resources, and individuals charged with information resources security.

Implementation

  • 1

    Security monitoring of information resources shall be implemented based on risk management decisions by the information resource owner.

    • 1.1

      High or moderate impact information resources shall, at a minimum, enable operating system logging features. Automated tools shall be used where deemed beneficial by the resource owner.

    • 1.2

      Low impact information resources may enable operating system logging features and other security monitoring features.

    • 1.3

      Network security monitoring will be conducted by the Technology Services security team. Any other monitoring shall be coordinated with them. They can be contacted through the IT Help Desk at (979) 845-8300.

    • 1.4

      Logs and other data generated by security monitoring shall be reviewed periodically based on risk management decisions by the system administrator.

  • 2

    Where feasible, a security baseline shall be developed and automated detection tools shall report deviations from the baseline for high impact information resources.

  • 3

    Any significant security issues discovered and all signs of unauthorized activity shall be reported according to Control IR-6, Incident Reporting.