SEHD Wiki

A source for policies, procedures, handbooks and other resources from the School of Education and Human Development

User Tools

Site Tools

You are here: Welcome to the SEHD Wiki! » SEHD Policies and Procedures » Data Privacy Policies » Log-in Monitoring
policy:data_privacy:log-in_monitoring

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
policy:data_privacy:log-in_monitoring [2019/03/28 19:24] – created tonyromeropolicy:data_privacy:log-in_monitoring [2019/06/05 20:08] (current) tonyromero
Line 1: Line 1:
-====== Policy Template ======+====== Log-in Monitoring ======
  
-Here's some formatting stuff to show off what a policy could look like.+==== University Internal Standard ====
  
-===== Sub Heading =====+OIT has an internal standard for logging, monitoring and auditing that applies to all servers managed by CU Denver OIT. Click her to view the version that was effective as of July 1, 2017. Please contact OIT's Risk and Compliance team for the most up to date version.
  
-:!: **Important: **Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean eu eleifend orci, vel scelerisque nisi. Praesent finibus euismod auctor. Cras leo massa, auctor eu cursus nec, volutpat eu sapien. Cras mollis euismod diam, eu viverra elit ornare sit amet. Mauris vel dolor vel magna molestie eleifend tempor vitae massa. Phasellus at lacus a libero pharetra imperdiet vitae sed lorem. Pellentesque eu dictum sem.+According to the standard the following details are logged and saved on a centralized logging server for at least six months:
  
-**Note:** Lorem ipsum dolor sit ametconsectetur adipiscing elit. +  - Timestamp 
-===== Headline =====+  - Eventstatus, and/or error codes 
 +  - Service/command/application name 
 +  - User or system account associated with an event 
 +  - Device used (e.g. source and destination IPs, terminal session ID, web browser, etc)
  
-Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean eu eleifend orci, vel scelerisque nisi. Praesent finibus euismod auctor. Cras leo massa, auctor eu cursus nec, volutpat eu sapien. Cras mollis euismod diam, eu viverra elit ornare sit amet. Mauris vel dolor vel magna molestie eleifend tempor vitae massa. Phasellus at lacus a libero pharetra imperdiet vitae sed lorem. Pellentesque eu dictum sem.+The events related to the following categories are logged:
  
-----+  Operating System(OS) Events 
 +  OS Audit Records 
 +  Application Account Information 
 +  Application Operations 
 +  - File Access (files containing ePHI or Highly Confidential information)
  
-===== Various Underlines =====+==== University of Colorado Denver HIPPA Policy ====
  
-Lorem ipsum dolor sit ametconsectetur adipiscing elitAenean eu eleifend orci, vel scelerisque nisiPraesent finibus euismod auctorCras leo massa, auctor eu cursus nec, volutpat eu sapienCras mollis euismod diam, eu viverra elit ornare sit ametMauris vel dolor vel magna molestie eleifend tempor vitae massaPhasellus at lacus libero pharetra imperdiet vitae sed lorem. Pellentesque eu dictum sem.+As applicablethe most secure SEHD data are subject to the UCD Auditing [[http://www.ucdenver.edu/research/Research Administration Documents/9.3 Auditing.pdf|HIPAA Policy 9.3.]] The auditing policy requires units that hold medium to high risk ePHI must create Audit Control and review PlanWithin that plan it states:
  
-===== List Items =====+> The system hardware, software, and applications must have the capability of creating log files. These logs must include, but are not limited to:
  
-  - One +  - User ID; 
-  - something +  - Login date/time; and, 
-  - three +  - Activity time.
-  - eleven +
-  - five hundred((I'm adding a footnote to this list item, it will show up at the bottom.))+
  
-Lorem ipsum dolor sit amet, consectetur adipiscing elitAenean eu eleifend orcivel scelerisque nisi. Praesent finibus euismod auctor. Cras leo massa, auctor eu cursus nec, volutpat eu sapien. Cras mollis euismod diam, eu viverra elit ornare sit amet. Mauris vel dolor vel magna molestie eleifend tempor vitae massa. Phasellus at lacus a libero pharetra imperdiet vitae sed lorem. Pellentesque eu dictum sem. +>  Units must monitor login success and failure to systems that host ePHITo ensure that unauthorized login attempts are discovereddiscrepancies or unusual login patterns must be reported to the department administrator and HIPAA Security Officer.
- +
----- +
- +
-==== Slightly Lower Header ==== +
- +
-|We can also use tables|for describing various policies| +
-| | | +
-| | | +
- +
-\\+
  
  
policy/data_privacy/log-in_monitoring.1553801070.txt.gz · Last modified: 2019/03/28 19:24 by tonyromero