{"id":3213,"date":"2026-05-29T19:15:20","date_gmt":"2026-05-29T19:15:20","guid":{"rendered":"https:\/\/www.tarleton.edu\/technology\/?page_id=3213"},"modified":"2026-05-29T19:15:21","modified_gmt":"2026-05-29T19:15:21","slug":"tarleton-oits-security-monitoring-standard","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-security-monitoring-standard\/","title":{"rendered":"Tarleton OITS Security Monitoring Standard"},"content":{"rendered":"\n
\n
\n

Tarleton Office of Innovative Technology Solutions (OITS)
Security Monitoring Standard<\/h1>\n\n\n\n

Effective: February 11, 2020<\/p>\n\n\n\n

Revised:\u00a0May 29, 2026\u00a0<\/p>\n<\/div>\n\n\n\n

\n
\"The<\/figure>\n<\/div>\n<\/div>\n\n\n\n
<\/div>\n\n\n\n
\n\n\n\n
<\/div>\n\n\n\n

Procedure Summary<\/strong> <\/h2>\n\n\n\n

Tarleton State University\u2019s (Tarleton or university) has the right to examine information on information resources that are under the control or custody of the university. Security Monitoring is a method used to confirm that the security practices and controls in place are being adhered to and are effective. Monitoring consists of activities such as the review\u00a0of:\u00a0user account logs, application logs, data backup and recovery logs, automated intrusion detection system logs, etc.\u00a0\u00a0<\/p>\n\n\n\n

Tarleton information resources are strategic assets which, as property of the State of Texas, must be managed as valuable state resources in accordance with Texas Government Code Chapter 2054<\/a>. This standard applies to all university-managed information resources\u00a0containing\u00a0mission critical information, confidential information, and other information resources as may be managed by Tarleton.\u00a0\u00a0<\/p>\n\n\n\n

\n

The purpose of the security monitoring standard is to ensure that information resource security controls are in place, are\u00a0effective, and are not being bypassed. In addition, this standard provides a set of measures that will mitigate information security risks associated with security monitoring. There may also be other or\u00a0additional\u00a0measures that will provide\u00a0appropriate mitigation\u00a0of the risks. The assessment of potential risks and the application of appropriate mitigation measures will be determined by the information resource owner or their designee. In accordance with Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a>, each department and\/or resource owner may elect not to implement some or all of the risk mitigation measures provided in this standard based on information security risk management decisions and business functions. Such risk management decisions must be documented and reported to the designated information security officer. This standard applies to all individuals, users, and\/or administrators of Tarleton information resources, especially those who\u00a0are responsible for\u00a0the installation of\u00a0new information\u00a0resources, the operations of existing information resources, and individuals charged with information resources security.<\/p>\n\n\n\n

Please see the <\/a>Tarleton Security Controls Catalog, specifically SI-4: System Monitoring<\/a> and Tarleton OITS Privacy Standard<\/a> for additional information and requirements.<\/p>\n<\/div>\n\n\n\n

<\/div>\n\n\n\n

Procedures and Responsibilities<\/strong> <\/h2>\n\n\n\n