INTRUSION DETECTION
Effective: August 15, 2024
Purpose: Emporia State University is committed to maintaining the confidentiality, integrity, and accessibility of the information assets it owns or controls.
Monitoring areas of the network for signs of sabotage or hacking is necessary to help ensure that our information assets remain secure.
This policy sets out to ensure that network traffic within the University’s environment is examined for compliance to published policy and any traffic deemed to be contrary is logged and investigated.
Scope: This policy applies to all network traffic traveling within the University’s computing environment.
Responsible Office: Information Technology
Policy Statement: Information Technology (IT) is responsible for implementing the necessary technology to examine traffic within the University’s environment. This may include both network and host-based intrusion detection devices.
The person(s) responsible for monitoring these intrusion detection device(s) are responsible for following all written policy and standards for handling sensitive information.
In the case of academic needs, IT will work with faculty for using a monitoring, packet capture, or penetration testing tool in a controlled test environment.
Unauthorized intrusion tools (monitoring, packet capturing, or penetration testing tools) used by students or employees are forbidden and may result in disciplinary action up to and including suspension or termination.
The Information Security Officer (ISO) is responsible for monitoring and reporting compliance with this policy and for reviewing this policy on an annual basis.
The President or designee must approve any exceptions to this policy.
Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.
Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.
[Information Technology procedures - coming soon]
Related Policy Information: [coming soon]