Server Monitoring and Audit Plan


1.0 Purpose

Server monitoring and audit refers to the criteria and procedures used for routine and timely monitoring of server hardware and software, as well as other critical IT resources.

2.0 Scope

In accordance with the “security standards” incorporated into the Health Information Portability and Accountability Act, server monitoring and audit methods must be an integral part of the College of Public Health Information Technology procedures and guidelines. Documented procedures for server monitoring and audit reduce the risk that key information technology assets are accessed inadvertently or inappropriately by persons without authority, while providing procedures that will enhance the stability and integrity of server hardware and software.

3.0 Applicability

The server monitoring and audit plan applies to all College of Public Health system administrators responsible for managing critical server hardware, software, and data. It also applies to the collegiate Office of Information Technology as an administrator of the core server infrastructure for the College of Public Health.

4.0 Guidelines

4.1 Required

Implement automated threshold technologies that contact System Administrators, for example by phone paging or e-mail, when an instance reaches a threshold. Good examples include GFI Network Security Monitor and GFI Security Event Log Monitor.

4.2 Required

Constantly monitored attributes include disk space, disk integrity, disk usage, and processor usage, along with other systems such as LDAP queries and SQL data checks.

4.3 Required

Routinely monitor event logs, such as security, application, and system logs.

4.4 Required

Monitor backup and restore logs on a daily basis.

4.4 Required

Routinely monitor performance of servers and workstations.

4.5 Required

Routinely monitor network bandwidth, lags, and outages.

4.6 Required

Routinely monitor and track inconsistent behavior of servers and workstations.

4.7 Required

Implement firewall protection and IP Security policies.

4.8 Required

Implement Systems Management Server (SMS) software, or other systems management tools, to inventory and monitor hardware and software of workstations and servers.

4.9 Required

Implement Anti-Virus Management software, such as Symantec Anti-Virus Management Console, to manage and monitor for viruses across all workstations and servers.

4.10 Required

Implement Windows Update Service (WUS) and/or other patch management tools to monitor and update security patches across all workstations and servers.

4.11 Recommended

Implement intruder detection devices to monitor the local area network.

5.0 Plan

  • Software shall be installed on all servers to monitor system activity and report to appropriate individuals.
  • Configuration will be checked on a yearly basis to verify service monitoring and updated if necessary.
  • When incidents arrive, determine the nature of the incident.

Security Incident

  • Upon receipt of a security incident, staff will take all necessary precautions to ensure the integrity and safety of sensitive information.
  • If the situation requires, review event logs locally to determine the cause.
  • Depending on the nature of the incident, the machine may be taken offline for appropriate repair.
  • A complete format and reinstallation will be performed if the cause cannot be determined and/or the situation calls for such action.

Hardware Incident

  • Upon receipt of a hardware incident, staff will take appropriate action to ensure availability and integrity of data.
  • If hardware cannot be fixed in a timely manner, new hardware will be ordered and installed.

Software Incident

  • Upon receipt of a software incident, staff will determine the severity of the incident and respond accordingly.
  • If the software incident can be replicated, staff will use available resources to determine if the incident has been fixed elsewhere.
  • If the software incident cannot be replicated, staff will review logs and document any abnormalities in case the incident re-emerges.
  • Documentation of any major changes in configuration or policy will be e-mailed out to the appropriate personnel.

6.0 Contacts and Technical Experts

College of Public Health Office of Information Technology (384-3838)
cph-support@uiowa.edu