Policy #: IT0005
Effective Date: 06/10/12
Last Revision Date: 08/02/11

UNIVERSITY OF CALIFORNIA SANTA CRUZ
Information Security Log Policy

Vice Chancellor, Information Technology
(Policy IT-0005)

I. PURPOSE AND SCOPE

The purpose of this policy is to establish a requirement to enable and review logs on electronic information resources (eIRs) that contain, access or transmit data classified by UCSC as confidential or restricted. This requirement supports compliance with Federal HIPAA law, Payment Card Industry regulation, UC and UCSC recommendations and industry best practice. It applies to all individuals who maintain affected eIRs.

II. DEFINITIONS

The following terms used in this policy are defined in the online Glossary of UCSC IT Policy-Related Terms, available at http://its.ucsc.edu/policies/glossary.html.

• Confidential Data
• Electronic Information Resource
• HIPAA
• Payment Card Industry
• Restricted Data&
• Subject Matter Expert
• System Steward

III. DETAILED POLICY STATEMENT

1. Requirements

Procedures must be in place to ensure that access and activity is recorded and reviewed for all electronic information resources that contain, access or transmit data classified by UCSC as confidential or restricted.

1. Logging must be enabled at the operating system, application/database, and system/workstation level.
2. Logs must be reviewed in response to suspected or reported security problems on systems containing restricted data or as requested by IT Security.
3. System Stewards are responsible for determining which systems require scheduled log review.
4. Log review shall include investigation of suspicious activity, including escalation to IT Security (see GETTING HELP, below) or the campus incident response process as appropriate.
5. Individuals shall not be assigned to be the sole reviewers of their own activity.

2. Responsibility

All individuals are responsible for following the above log requirements where applicable.

System Stewards, in consultation with Subject Matter Experts where appropriate, are responsible for determining the applicability of the above requirements to systems or data for which they are responsible. System Stewards are also responsible for ensuring implementation and enforcement of the above requirements where they are applicable.

3. Appropriate use and protection of log information

Logs must be accessed, secured and protected according to the nature of the information they may contain. While it is necessary for the University to perform regular collection and monitoring of logs, this activity must be consistent with the provision of least perusal described in ITS' Routine System Monitoring Practices and the UC Electronic Communications Policy.

IV. GETTING HELP

For questions about this policy, or to escalate an issue to IT Security, contact the ITS Support Center at http://itrequest.ucsc.edu/, 459-HELP, help@ucsc.edu, or in person M-F 8AM-5PM, 54 Kerr Hall

V. AUTHORITY

The campus Vice Chancellor, Information Technology is the campus authority for the UCSC Log Policy. This policy was reviewed and approved by the Campus Provost/Executive Vice Chancellor on 06/10/2012. Next review date is June 2014.

VI. RELATED POLICIES, PROCEDURES, AND RESOURCES

• UCSC Log Procedures
• Log Management for the University of California: Issues and Recommendations
• UC Electronic Communications Policy
• UCSC ITS Routine System Monitoring Practices
• UC BFB IS-3, Electronic Information Security

Rev. 8/2/11