Security Monitoring & Logging Standard
Date of Current Revision or Creation: December 2023
The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, and applicable laws and regulations. Standards may include business principles, best practices, technical standards, and migration and implementation strategies that direct the design, deployment and management of information technology.
Purpose
The purpose of this standard is to identify the responsibilities for security monitoring and logging of IT system activity.
Definitions
Information Security Office is the unit within the Office of Computing and Communications Services responsible for overseeing efforts to protect ODU's computing and information assets and to assist in compliance efforts with information-related laws, regulations, and policies.
Information Security Officer (ISO) is the person responsible for developing, reviewing, evaluating, and managing the University's Information Security Program.
Logging is an essential information security control that is used to identify, respond to, and prevent operational problems, security incidents, policy violations, and fraudulent activity; optimize system and application performance; assist in business recovery activities; and, in many cases, comply with federal, state, and local laws and regulations.
System Compliance Owner is the manager responsible for operation and maintenance of a University IT system.
Standards Statement
General Logging Activity
Logging is to be enabled on all IT systems.
Employees or other designated individuals with responsibility for logging have some flexibility in determining the detail contained in logs within their areas of responsibility. The detail of information contained in a log depends on the risks to the relevant IT resource and underlying data. However, all system logs must contain a time stamp for each logged event, synchronized to the University's network time server (NTP). Time stamps should be in local time or UTC (Coordinated Universal Time).
System logs should be devoid of any unencrypted sensitive data, passwords, financial data or personally identifiable information before being forwarded to a log management system or any other destination. Local logs that contain sensitive data are generally acceptable as long as they are stored appropriately, but they should not be sent to a syslog server.
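As an added example (not part of this standard and not ODU's own tooling) of how a forwarder could enforce the two requirements above before a line leaves the host, assuming a simple `<timestamp> <host> <message>` record format and constructed patterns for the sensitive fields; it checks that each event carries a UTC or local-offset time stamp, redacts sensitive values, and normalizes the stamp to UTC for cross-host correlation:

```python
import re
from datetime import datetime, timezone

# Patterns for data that must not leave the host unencrypted.
# Constructed for this example; a real deployment tunes them to its own data.
SENSITIVE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "password": re.compile(r"(?i)\b(password|passwd|pwd)\s*[=:]\s*\S+"),
}

# Hypothetical record layout assumed here: "<RFC 3339 time stamp> <host> <message>"
RECORD_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")


def parse_timestamp(value):
    """Return an aware datetime, or None if the stamp is unparseable or has no zone."""
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo is not None else None


def redact(message):
    """Replace sensitive fields with tagged placeholders; return (text, tags hit)."""
    tags = []
    for name, pattern in SENSITIVE_PATTERNS.items():
        message, count = pattern.subn(f"[REDACTED-{name}]", message)
        if count:
            tags.append(name)
    return message, tags


def prepare_for_forwarding(record):
    """Return (ok, line_or_reason): a line is forwarded only if its time stamp
    carries a UTC or local offset and the message has been scrubbed."""
    match = RECORD_RE.match(record)
    if not match:
        return False, "unparseable record"
    stamp, host, msg = match.groups()
    ts = parse_timestamp(stamp)
    if ts is None:
        return False, "time stamp missing or lacks UTC/local offset"
    clean, _tags = redact(msg)
    # Normalize to UTC so correlation across hosts does not depend on each host's zone
    return True, f"{ts.astimezone(timezone.utc).isoformat()} {host} {clean}"


# Constructed sample lines, not real logs
SAMPLE = [
    "2023-12-05T14:02:11-05:00 web01 login ok user=jdoe",
    "2023-12-05T19:03:40Z db01 query failed ssn=123-45-6789 password=hunter2",
    "2023-12-05T14:04:00 app02 naive local time without offset",
]
```

Only the first two sample lines pass; the third is held back because its stamp cannot be placed in UTC or local time. NTP synchronization itself is verified on the host, not from the log line.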
Prohibited Logging
The use of keystroke logging, except when required for security investigations and approved in writing by the University President, is prohibited.
Responsibilities
System Compliance Owners and/or Application Administrators are responsible for the development and implementation of application logging capabilities and the creation and maintenance of detailed procedures for reviewing and administering the logs.
The Information Security Officer is responsible for Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) logging.
Information Security Office staff is responsible for monitoring security event logs, correlating information with other automated tools, identifying suspicious activities, and providing alert notifications.
Data Center Operations staff is responsible for monitoring the production computing environment and providing alert notifications.
The Database Administration staff is responsible for monitoring the availability and performance of the databases and for providing corrective actions and/or alert notifications.
Compliance
Centralized and departmental IT units and custodians are responsible for ensuring appropriate compliance with this standard for IT resources within their areas of responsibility and are responsible for documenting appropriate compliance.
Procedures, Guidelines & Other Related Information
- University Policy 3501 - Information Technology Access Control Security Policy
- University Policy 3505 - Information Technology Security Policy
- Information Security Program
- Internal Procedures
History
Date | Responsible Party | Action
--- | --- | ---
December 2006 | CIO/ITAC | Created
October 2007 | CIO/ITAC | Reaffirmed
October 2008 | CIO/ITAC | Reaffirmed
October 2009 | CIO/ITAC | Reaffirmed
October 2010 | CIO/ITAC | Reaffirmed
October 2011 | CIO/ITAC | Reaffirmed
September 2012 | CIO/ITAC | Reaffirmed
January 2014 | IT Policy Office | Added time stamp and sensitive data requirement. Added compliance. Revised employee titles. Added definitions. Numbering revised.
May 2018 | IT Policy Office | Reviewed; minor wording changes, links updated
November 2021 | IT Policy Office | Reviewed; definitions and links checked
December 2023 | IT Policy Office | Removed specific items for system owners in responsibilities