About this policy
Policy contact:
Date of last update:
March 20, 2020
Policy statement
All servers on the Luddy School networks will employ secure logging that meets the following requirements per IU IT Policy IT-12:
- Logging all successful system logins and failed attempts
- Logging all failed file accesses
- Logging all successful file accesses for sensitive data
- Daily reporting and review of this data
All log data will be transmitted via encrypted channels to secure central servers to ensure that data cannot be erased or altered on a local server. All log data will retained for a minimum of 60 days.
Exceptions to policy
Given the unique computing requirements of computing research being done within the school, systems may need to run operating systems and software not supported by the Luddy ITG. Such cases are governed by the IT Policy: Administrator and Self-Managed Systems and ITG staff will work with system managers to ensure compliance with this logging policy. Exceptions require approval of the Luddy IT Director and the Luddy Chief Information Privacy and Security Officer and exceptions will not be granted for any system that stores, transmits, or manipulates Institutional Data (Critical/Restricted/University-Internal) of any kind.
Procedures
The following methods are approved for use to meet the logging requirements:
TechSelect Log-ALERT - TechSelect provides a logging system approved for use by IU Audit which is managed per Log-ALERT with Splunk Administration