...

Refer to the Rowan University Technology Terms and Definitions for terms and definitions that are used in this policy.

V. POLICY

  1. All Rowan University Information and Information Technology, which includes but is not limited to servers, workstations, and network access devices, is subject to ongoing monitoring. Inappropriate use of these systems and/or networks that violates the University’s policies or local, state and federal laws will be investigated as needed. The Information Security Office (ISO) will be responsible for conducting these investigations under the direction of the Information Security Officer.
  2. The Chief Information Officer (CIO) holds ultimate authority for the coordination of all Information Technology (IT) resources across the University. Accordingly, to facilitate effective security monitoring, discovery, and incident response, administrators of University-owned or managed IT systems outside the direct management of Information Resources and Technology (IRT) must grant IRT personnel, Security Operations Department and the Director of the Information Security Office, comprehensive administrative access at the time of system implementation. This mandate encompasses all existing and future platforms and systems excluding those dedicated to confidential research. It is incumbent upon system owners to actively maintain this access level for these IRT departments, ensuring continuity through any system updates or modifications to the systems or credentials.
  3. The Information Security Officer has the right to disclose the contents of electronic files, as required by law, Internal Audit, or General Counsel.

  4. All security monitoring will be performed by ISO unless authorized by the Information Security Officer.

  5. All security-related anomalies or other suspicious activity should be reported to the ISO for investigation.

  6. All security investigations will be managed and/or coordinated by the ISO. Departments are strictly prohibited from conducting their own internal security investigations.

  7. Automated tools will be used to provide real-time notification of detected security events and vulnerabilities. Where possible, a security baseline will be developed and the tools will report exceptions. Where feasible, these tools will be deployed to monitor:

    1. Internet traffic

    2. Electronic mail traffic

    3. LAN traffic, protocols, and IT inventory

    4. System security parameters

    5. Privilege escalation

    6. Privilege group membership

  8. Where feasible, the following files will be checked for signs of security issues and vulnerability exploitation at a frequency determined by risk:

    1. Intrusion detection system logs

    2. Firewall logs

    3. User account logs

    4. Network scanning logs

    5. System error logs

    6. Application logs

    7. Data backup and recovery logs

    8. Help Desk trouble tickets

    9. Telephone activity – call detail reports

    10. Network printer and fax logs

  9. Where feasible, the following checks will be performed monthly or at a frequency determined by risk:

    1. Password strength

    2. Unauthorized network devices

    3. Unauthorized personal web servers

    4. Unsecured sharing of devices

    5. Unauthorized connections

    6. Operating system and software licenses

  10. Any discovery of security issues will be reported to ISO for follow-up investigation.

  11. IRT may disconnect or disable accounts, systems and/or networking devices when monitoring detects the following issues:

    1. Unauthorized devices or software

    2. Unauthorized group membership

    3. Unauthorized access

    4. Other security incidents

...