Explainer: Log Management and Monitoring Rule (4-004J)
The University of Utah’s Log Management and Monitoring Rule (4-004J) supports the Information Security Policy (4-004). The U’s IT security policy, rules, and procedures aim to protect the university’s IT resources, systems, and data, including that of students, patients, faculty, staff, guests, vendors, and others.
What does it say?
The Log Management and Monitoring Rule outlines the configuration, review, and IT security requirements for log management and monitoring of the university’s information systems. For example, audit logs must capture user activities (e.g., login and logoff dates and times), password events, successful and unsuccessful data or file permission changes (e.g., read, write, modify or update, delete), and system configuration changes.
Why should I care?
Log management and monitoring helps to detect unauthorized activity, assist in IT security incident investigations, and protect the university’s information systems and the data they create, store, process, and maintain.
If cybercriminals gain access to the university’s IT systems and resources and their activities go unnoticed, they could potentially steal confidential information and deploy ransomware. IT security breaches can also harm the U’s finances and reputation, and the privacy of U students, patients, faculty, and staff.
Who does it apply to?
The rule applies to all U students, faculty, staff, patients, and business partners, although the university and its IT staff are primarily responsible for compliance.
Up next in the July Node 4 newsletter — Backup and Recovery Rule (4-004K)
Node 4
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.