System Surveillance

Purpose

To ensure that adequate monitoring and follow-up take place when unusual system activity occurs.

Scope

All corporate automated application systems in use at the University of Houston.

Standard

Ongoing monitoring of the entire computing environment should be performed by the system manager in order to detect abnormal situations that might indicate a potential security breach.

Guidelines

 

  1. Outage and incident tracking - Historical information regarding the nature, duration and resolution of system problems should be developed. Average incident activity figures should be compared with current data as a means of detecting abnormal conditions.
  2. Violations of access controls should be recorded and reviewed by either the owner or the custodian of the information. If appropriate, the violation should be reported to the individual's manager, auditing, or both. Repeated violations or violation attempts must be reported to the individual's manager.
  3. Ensure that the operating system provides threat-monitoring information. The system should record data on the following events as often as the user desires: