101 Information Security Status Monitoring, Reporting, and Review

Requirement | All Users | System Owners | System Custodians/Administrators | Departments, Schools, Units
Security system monitoring must be approved by the OIS (p. 2).
Audit and monitoring processes that include log monitoring, management, and review will be implemented (p. 2).
Assign accountability for maintaining logs (p. 2).
Generate and maintain log records (p. 2).
Determine log management mechanism to support formatting and storage of audit logs (p. 2).
Coordinate with IT to ensure integrity of logs (p. 2).
The physical environment, network segments, systems, endpoints, and account access will be monitored (p. 3).
Logging is enabled on all servers and applications (p. 3).
Send security logs from centralized logging platform to OIS SIEM upon request (p. 3).
Protect logs against alteration (p. 4).
Keep logs containing sensitive information confidential; limit access to system custodians, administrators, and OIS staff (p. 4).

Summary of Policy

Audit and Accountability (101.01)

The OIS will define, document, enable, and retain records of audits and logs. These records will be monitored continuously and reviewed regularly.

Monitoring for Events (101.02)

The OIS will develop a standard for logging and monitoring university systems, network segments, systems, accounts, and applications based on information and system classification.

The OIS, system administrators, and system owners will develop, document, and implement monitoring and review procedures according to the standard.

Log Collection (101.03)

System Custodians/System Administrators will ensure logging is enabled on all servers and applications. If logging is not possible or practical, the OIS must review and approve a policy exception request.

Log Monitoring (101.04)

Using an SIEM product to centralize, correlate, and analyze logs of activity in network segments and systems, the OIS will analyze events, detect trends and patterns, and identify suspicious activities.

Log Management (101.05)

The log management system will support the formatting and storage of audit logs, the maintenance of log integrity, and the analysis and reporting of logs at the enterprise level.

Investigations (101.06)

The OIS will manage and coordinate investigations of suspicious or anomalous activity detected in logs.

Full Text of Policy

Policy 101 Information Security Status Monitoring, Reporting, and Review

The policy communicates logging requirements for academic, clinical, administrative, research, and technical information security activities at WashU.

Related Information

Policy 109 Information Security Incident Reporting, Response, and Recovery

The policy communicates a planned and systematic approach to incident handling from reporting to recovery and analysis.

201 Information Security Logging and Event Monitoring

This standard describes logging practices for events occurring within networks and systems of Washington University in St. Louis (WashU).