OUHSC Information Technology Department


OU Norman IT
OU Tulsa IT
Home  |  Online Help  |  Policies  |  Forms  |  Tier Ones
   
powered by

Activity (Log) review policy

Supporting documents: Full policyAdobe PDF File

For all information system resources which contain or access data classified as “sensitive” per the data classification standard, processes must be in place to ensure the access and activity is recorded and reviewed (audited).

The level and type of auditing mechanisms will be determined by the information system resource classification.  At a minimum the following activity will be monitored:

  • Use of a privileged account
  • Information system resource start-up or stop
  • Failed authentication attempts
  • General login activity
  • Password change activity
  • Data modification where required for regulatory compliance

The appropriate hardware, software, or procedural auditing mechanisms must be implemented and at a minimum, these mechanisms must provide the following information:

  • Date and time of activity
  • Origin of activity
  • Identification of user performing activity
  • Description of attempted or completed activity

The recorded activity created by audit mechanisms for these information system resources must be reviewed regularly.  The frequency of such review will be determined by the information system resource classification. 

This review must be via a formal documented process which at a minimum will include:

  • Defining who will review records of activity
  • Defining what activity is significant
  • Defining which activity records need to be archived and for what period of time
  • Defining what activity constitutes a security incident to be reported
  • Defining the procedures for preserving records of significant activity
Whenever possible an employee should not monitor or review activity related to their own user account.
Copyright © 2006 The Board of Regents of the University of Oklahoma, All Rights Reserved.- Disclaimer | Copyright