Intrusion Detection/Prevention and Security Monitoring Policy: IX

 

PURPOSE:

The SPC Information Security Office is charged with securing all SPC-owned information technology resources, both centralized and decentralized, and has the responsibility and College-wide authority to monitor the use of information technology resources to confirm that security practices and controls are in place, are effective, and are not being bypassed.

The purpose of the Intrusion Detection/Prevention and Security Monitoring Policy is to outline College policy regarding the monitoring, logging and retention of network packets that traverse SPC networks, as well as the observation of events to identify problems with security policies, document existing threats and evaluate/prevent attacks.

Intrusion Detection and Prevention systems focus on identifying possible incidents, logging information about them, and reporting attempts to security administrators. They play an important role in implementing and enforcing security policies.

SPC takes reasonable measures to assure the integrity of private and confidential electronic information transported over its networks and to detect attempts to bypass the security mechanisms of information resources.  This will allow for early detection of wrongdoing, new security vulnerabilities, or new unforeseen threats to information technology resources, thus minimizing the potential harmful impact.

 

SCOPE:

The Intrusion Detection/Prevention and Security Monitoring Policy applies to all individuals who are responsible for the installation of new information technology resources or the operation of existing information technology resources, and to individuals charged with information technology resource security.

 

POLICY STATEMENT:

SPC considers all electronic information transported over the College network to have the potential to be private and confidential. Network and system administrators are expected to treat the contents of electronic packets as such.

 

While it is not the policy of SPC to actively monitor internet activity on the network, it is sometimes necessary to examine such activity when a problem has occurred or when optimizing traffic on the College’s internet links. Any inspection of electronic data packets, and any action performed following such inspection, will be governed by all applicable federal and state statutes and by SPC policies.

 

Audit logging, alarms and alert functions of operating systems, user accounting, application software, firewalls and other network perimeter access control systems will be enabled and reviewed annually. System integrity checks of the firewalls and other network perimeter access control systems will be performed annually. All suspected and/or confirmed instances of successful and/or attempted intrusions must be immediately reported to the Information Security Officer.

 

Automated tools will provide real-time notification of detected wrongdoing and vulnerability exploitation. Where possible, a security baseline will be developed and the tools will report exceptions. These tools will be deployed to monitor:

  • Internet traffic
  • Electronic mail traffic
  • Local Area Network (LAN) traffic, protocols, and device inventory
  • Operating system security parameters

 

The following files will be checked for signs of wrongdoing and vulnerability exploitation at a frequency determined by risk:

  • Automated intrusion detection system logs
  • Firewall logs
  • User account logs
  • Network scanning logs
  • System error logs
  • Application logs
  • Data backup and recovery logs
  • Service desk trouble tickets and telephone call logs
  • Network printer logs

 

The following checks will be performed at least annually by assigned individuals:

  • Password strength
  • Unauthorized network devices
  • Unauthorized personal web servers
  • Unsecured sharing of devices
  • Operating system and software licenses 

Any security issues discovered will be reported immediately to the Information Security Officer (ISO).

Related Policies, References and Attachments:

An index of approved SPC-IS policies can be found on the SPC Policies website at https://www.southplainscollege.edu/human_resources/policy_procedure/?%20.  The SPC Information Security Program and SPC Information Security User Guide are also available on the Information Technology Services Policies website.

DIR Security Controls Catalog Control Group: SI-4

Approved by:  Executive Council, April 4, 2019

Next Review: October 1, 2020