...
Refer to the Rowan University Technology Terms and Definitions for terms and definitions that are used in this policy.
V. POLICY
- All Rowan University Information and Information Technology which includes but is not limited to: servers, workstations, and network access devices are subject to ongoing monitoring. The inappropriate use of these systems and/or networks which violates the University’s policies or local, state and federal laws will be investigated as needed. The Information Security Office (ISO) will be responsible for conducting these investigations under the direction of the Information Security Officer.
- The Chief Information Officer (CIO) holds ultimate authority for the coordination of all Information Technology (IT) resources across the University. Accordingly, to facilitate effective security monitoring, discovery, and incident response, administrators of University owned or managed IT systems outside the direct management of Information Resources and Technology (IRT) must grant IRT personnel, Security Operations Department and the Director of the Information Security Office, comprehensive administrative access at the time of system implementation. This mandate encompasses all existing and future platforms and systems excluding those dedicated to confidential research. It is incumbent upon system owners to actively maintain this access level for these IRT departments, ensuring continuity through any system updates or modifications to the systems or credentials.
The Information Security Officer has the right to disclose the contents of electronic files, as required by law, Internal Audit, or General Counsel.
All security monitoring will be performed by ISO unless authorized by the Information Security Officer.
All security-related anomalies or other suspicious activity should be reported to the ISO for investigation.
All security investigations will be managed and/or coordinated by the ISO. Departments are strictly prohibited from conducting their own internal security investigations.
Automated tools will be used to provide real time notification of detected security events and vulnerabilities. Where possible, a security baseline will be developed and the tools will report exceptions. Where feasible, these tools will be deployed to monitor:
Internet traffic
Electronic mail traffic
LAN traffic, protocols, and IT inventory
System security parameters
Privilege escalation
Privilege group membership
Where feasible, the following files will be checked for signs of security issues and vulnerability exploitation at a frequency determined by risk:
Intrusion detection system logs
Firewall logs
User account logs
Network scanning logs
System error logs
Application logs
Data backup and recovery logs
Help Desk trouble tickets
Telephone activity – call detail reports
Network printer and fax logs
Where feasible, the following checks will be performed monthly or a frequency determined by risk:
Password strength
Unauthorized network devices
Unauthorized personal web servers
Unsecured sharing of devices
Unauthorized connections
Operating system and software licenses
Any discovery of security issues will be reported to ISO for follow-up investigation.
IRT may disconnect or disable accounts, systems and or networking devices when monitoring detects the following issues:
Unauthorized devices or software
Unauthorized group membership
Unauthorized access
Other security incidents
...