UIS.205 Information Security Audit Logging Policy

200. Information Systems Security

Purpose 

Georgetown University Information Services has developed and implemented the Information Security Audit and Logging Policy and procedures to protect critical resources from threats, intrusions, and misuse in order to ensure business continuity and to minimize risk to the University’s information systems, data, and its faculty, staff, and students. Directed by the Chief Information Security Officer (CISO), these policies set the information security standards for audit logs, which include network access logs, system logs, authentication logs, or any other data which correlate a network or system activity with a user and/or time. 

Scope 

The Information Security audit Logging policy and supporting requirements apply to all information technology assets, systems, networks, and data hosts that are owned by, managed by and/or sponsored by Georgetown. This policy is also applicable to the faculty, staff, researchers, affiliates, suppliers, and students who own, operate, or maintain these systems for University business, academia, and research. 

Policy 

Georgetown University has adopted the security audit and accountability principles established in NIST SP 800-171 “Audit and Accountability” control guidelines as the official policy for this security domain. Each system administrator and system owner must adhere to the guidelines and procedures associated with this policy in order to support and be compliant with the University information security framework.  

The system audit logging policy is to ensure that there is accurate and regular collection of system information to assist in detecting security violations, unauthorized data disclosures as well as performance problems and application flaws; these audit logs can account for, respond to, and minimize the impact of incidents that can impact the University’s information systems. 

Any information system that is in operation to collect, transmit, process, store or host University data must have adequate mechanisms in place to record auditable events and log them in a manner that is accessible to the Information Security Office (UISO) on a regular and set schedule. 

Failure to collect, protect, and make these logs available can result in the loss of data integrity, unavailability of data, and/or unauthorized use of data or information systems critical to the operation and mission of the University.