The Official Web site for the Office of Information Technology - UTSA


Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.


Security Monitoring Standard

Purpose - Security Monitoring provides a means by which to confirm that information resource security controls are in place, are effective and are not being bypassed. One of the benefits of security monitoring is the early identification of wrongdoing or new security vulnerabilities. Early detection and monitoring can prevent possible attacks or minimize their impact on computer systems. Other benefits include audit compliance, service level monitoring, performance measuring, limiting liability and capacity planning. This standard serves as a companion to the Intrusion Detection Standard and provides for the continuous monitoring that takes place at the system level.

Audience - The UTSA Security Monitoring Standard applies to all individuals who are responsible for the installation of new information resources or the operations of existing information resources, and to individuals charged with information resource security.

  1. UTSA will use automated tools to provide real-time notification of detected wrongdoing and vulnerability exploitation. Where possible, a security baseline will be developed and the tools will report exceptions. These tools will be deployed by the Office of Information Technology (OIT) to monitor UTSA computers and devices for:

    1. Internet traffic

    2. Electronic mail traffic

    3. LAN traffic, protocols and device inventory

    4. Operating system security parameters

    5. Rogue access points/devices

    6. Installed software on servers and desktops

  2. The following files will be checked for signs of illicit activity and vulnerability to exploitation at a frequency determined by risk:

    1. Automated intrusion detection system logs

    2. Firewall logs

    3. User account logs

    4. Network scanning logs

    5. System error logs

    6. Configuration files

    7. Application logs

    8. Data backup and recovery logs

    9. OITConnect trouble tickets

    10. Telephone activity – Call Detail Reports

    11. Network printer and fax logs

  3. Assigned individuals will monitor the following (at least annually):

    1. Password strength

    2. Unauthorized network devices

    3. Unauthorized personal Web servers

    4. Unsecured sharing of devices

    5. Unauthorized modem use

    6. Operating System and software licenses

  4. For audit purposes, logs will be archived for a minimum of 90 days.

  5. Any security issues discovered will be reported to the Information Security Officer (ISO) for follow-up investigation.
