{"id":2531,"date":"2025-04-25T21:50:43","date_gmt":"2025-04-25T21:50:43","guid":{"rendered":"https:\/\/www.tarleton.edu\/technology\/?page_id=2531"},"modified":"2025-04-25T21:50:43","modified_gmt":"2025-04-25T21:50:43","slug":"tarleton-oits-intrusion-detection-standard","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-intrusion-detection-standard\/","title":{"rendered":"Tarleton OITS Intrusion Detection Standard"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h1 class=\"wp-block-heading\">Tarleton Office of Innovative Technology Solutions (OITS) <br> Intrusion Detection Standard<\/h1>\n\n\n\n<p>Effective: February 11, 2020<\/p>\n\n\n\n<p>Revised:\u00a0 April 25, 2025\u00a0<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.tarleton.edu\/technology\/wp-content\/uploads\/sites\/170\/2021\/12\/Tarleton_TonTexas.svg\" alt=\"The Tarleton State University logo\" class=\"wp-image-670\" style=\"width:159px;height:auto\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity has-vivid-cyan-blue-to-vivid-purple-gradient-background has-background is-style-wide\" \/>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedure Summary<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Intrusion detection plays an important role in implementing and enforcing an organizational security policy. 
As information systems grow in complexity, effective security systems must evolve. With the proliferation of the number of vulnerability points introduced by the use of distributed systems, some type of assurance is needed that the systems and network are secure. Intrusion detection systems can provide part of that assurance. Intrusion detection provides two important functions in protecting information resources.\u00a0\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Feedback is information that addresses the effectiveness of other components of a security system. If a robust and effective intrusion detection system is in place, the lack of detected intrusions is an indication that other defenses are working.\u00a0\u00a0<\/li>\n\n\n\n<li>A trigger is a mechanism that determines when to activate planned responses to an intrusion incident.\u00a0\u00a0<\/li>\n<\/ul>\n\n\n\n<p>Tarleton State University\u2019s (Tarleton or university) information resources are strategic assets which, as property of the State of Texas, must be managed as valuable state resources in accordance with <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm\">Texas Government Code Chapter 2054<\/a>. This standard applies to Tarleton State University information resources that store, process, or transmit mission critical and\/or confidential information.&nbsp;&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-group word-wrap: normal is-layout-flow wp-block-group-is-layout-flow\">\n<p>The purpose of this standard is to provide a set of measures that will mitigate information security risks associated with intrusion detection. There may be other or additional measures that will provide appropriate mitigation of the risks. The assessment of potential risks and the application of appropriate mitigation measures will be determined by the information resource owner or their designee. 
In accordance with <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\">Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a>, each department and\/or resource owner may elect not to implement some or all of the risk mitigation measures provided in this standard based on information security risk management decisions and business functions. Such risk management decisions must be documented and reported to the designated information security officer. The intended audience for this standard includes, but is not limited to, all information resources data owners, management personnel, and system administrators.\u00a0\u00a0<\/p>\n\n\n\n<p>Please see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/incident-response-ir\/ir-1-incident-response-policy-and-procedures\/\">Tarleton Security Controls Catalog, specifically the Incident Response (IR) family<\/a>, for additional information and requirements.<\/p>\n<\/div>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedures and Responsibilities<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Prevention and Detection\n<ul class=\"wp-block-list\">\n<li>Operating system, user accounting, and application software audit logging processes shall be enabled on all host and server systems where resources permit.\u00a0\u00a0<\/li>\n\n\n\n<li>Alarm and alert functions, as well as audit logging of any firewalls and other network perimeter access control systems, shall be enabled.\u00a0\u00a0<\/li>\n\n\n\n<li>Audit logs from the network perimeter access control systems shall be monitored\/reviewed as risk management decisions warrant.\u00a0\u00a0<\/li>\n\n\n\n<li>Audit logs for servers and hosts on the internal, 
protected network shall be reviewed as warranted based on risk management decisions. The system administrator will furnish any audit logs as requested by appropriate university personnel.\u00a0\u00a0\n<ul class=\"wp-block-list\">\n<li>Host-based intrusion tools will be tested on a routine schedule.\u00a0\u00a0<\/li>\n\n\n\n<li>Reports shall be reviewed for indications of intrusive activity.\u00a0\u00a0<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>All suspected and\/or confirmed instances of successful intrusions shall be immediately reported to the Tarleton Information Security Officer (ISO)\/Chief Information Security Officer (CISO). Information resource users are encouraged to report any anomalies in system performance and\/or signs of unusual behavior or activity to the Office of Innovative Technology Solutions (OITS) Help Desk\/Service Desk at <a href=\"mailto:helpdesk@tarleton.edu\">helpdesk@tarleton.edu<\/a>. Please see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/incident-response-ir\/ir-6-incident-reporting\/\">Tarleton Security Controls Catalog IR-6, Incident Reporting<\/a> for additional information. <\/li>\n\n\n\n<li>System administrators shall keep abreast of industry best practices regarding current intrusion events and methods to detect intrusions. Intrusion detection methods shall be utilized as needed.\u00a0\u00a0<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Response and Recovery\n<ul class=\"wp-block-list\">\n<li>Based on the assessment of risk, appropriate action should be taken to protect Tarleton information resources; see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/incident-response-ir\/ir-1-incident-response-policy-and-procedures\/\">Tarleton Security Controls Catalog, specifically the Incident Response (IR) family<\/a>, for additional information and resources. 
<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Definitions<\/h2>\n\n\n\n<p><strong>Confidential Information<\/strong>: information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g. the Texas Public Information Act.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Information Resources (IR)<\/strong>: the standards, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Information Security Officer (ISO) \/ Chief Information Security Officer (CISO)<\/strong>: responsible for administering the information security functions within the university and reports to the information resources manager (IRM).\u00a0\u00a0\u00a0<\/p>\n\n\n\n<p><strong>Mission Critical Information<\/strong>: information that is defined by the university or information resource owner to be essential to the continued performance of the mission of the university or department. Unavailability of such information would result in more than an inconvenience. 
An event causing the unavailability of mission critical information would result in consequences such as significant financial loss, institutional embarrassment, failure to comply with regulations or legal obligations, or closure of a department or the university.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Owner of an Information Resource<\/strong>: an entity responsible for a business function and for determining controls and access to information resources supporting that business function.&nbsp;&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Related Statutes, Policies, or Requirements<\/strong>&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01.pdf\">TAMUS Policy 29.01, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-02.pdf\">TAMUS Regulation 29.01.02, Use of Licensed Software<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-03.pdf\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-04.pdf\">TAMUS Regulation 29.01.04, Accessibility of Electronic and Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-05.pdf\">TAMUS Regulation 29.01.05, Artificial Intelligence<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-06.pdf\">TAMUS Regulation 29.01.06, Covered Applications and Prohibited Technologies<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_03_T0_01.pdf\">Tarleton SAP 29.01.03.T0.01, Information Resources &#8211; Acceptable Use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\">Tarleton Rule 29.01.99.T1, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\">Tarleton Security Controls 
Catalog<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Contact Office<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Office of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>AVP and CIO of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>254-459-5685&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tarleton Office of Innovative Technology Solutions (OITS) Intrusion Detection Standard Effective: February 11, 2020 Revised:\u00a0 April 25, 2025\u00a0 Procedure Summary&nbsp; Intrusion detection plays an important role in implementing and enforcing &#8230;<\/p>\n","protected":false},"author":94,"featured_media":580,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-fullwidth.php","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-2531","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/technology\/author\/jgeorge\/","display_name":"jgeorge"},"relative_dates":{"created":"Posted 12 months ago","modified":"Updated 12 months ago"},"absolute_dates":{"created":"Posted on April 25, 2025","modified":"Updated on April 25, 2025"},"absolute_dates_time":{"created":"Posted on April 25, 2025 9:50 pm","modified":"Updated on April 25, 2025 9:50 
pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/comments?post=2531"}],"version-history":[{"count":1,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2531\/revisions"}],"predecessor-version":[{"id":2532,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/2531\/revisions\/2532"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/media?parent=2531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}