College of Engineering - Audit Policy: COE–AAP–AD20

1.0 Purpose
To provide the authority for members of the College’s security team and the University’s Security Office to conduct a security audit on any system within the College of Engineering in accordance with University policy AD20. This authority may be delegated to a departmental support team member upon approval by the College’s security team. All requests for such approval must originate from the department head in an email addressed to security@engr.psu.edu; ECS personnel will verify the authenticity of all emails before granting a request. Only approved departmental personnel will be authorized to scan systems within their department.

Audits may be conducted to:

  • Ensure integrity, confidentiality and availability of information and resources
  • Investigate possible security incidents and ensure conformance to the College of Engineering security policies
  • Monitor user or system activity where appropriate (e.g., system compromise is suspected, policy violations are suspected, complaints have been received)
  • Ensure validity of user accounts

2.0 Scope
This policy covers all computer and communication devices owned or operated by the College of Engineering. This policy also covers any computer and communications devices that are present on the College of Engineering premises and network, but which may not be owned or operated by the College of Engineering.
       
3.0 Policy
When requested, and for the purpose of performing an audit, any access needed will be provided to members of College or University security teams. Users and/or support personnel must ensure that any hardware or software installed for the purpose of filtering traffic, such as a firewall appliance or personal firewall software, allows unrestricted traffic to and from all systems authorized to conduct security audits at the departmental, College and University Security Office levels. At no time shall anyone other than those authorized in the College or University be permitted to scan computers or devices connected to the College network. Any question as to the scope of addresses to be given unrestricted access can be directed to ECS at security@engr.psu.edu.

This access may include:

  • User level and/or system level access to any computing or communications device
  • Access to information (electronic, hardcopy, etc.) that may be produced, transmitted or stored on the College of Engineering equipment or premises
  • Access to work areas (labs, offices, cubicles, storage areas, etc.)
  • Access to interactively monitor and log traffic on the College of Engineering networks

4.0 Enforcement
Anyone found violating this policy will be subject to disciplinary action by his or her administrative unit, the College, or the University.

College or University Security Office personnel will immediately block Internet access to any system found to be scanning systems in violation of this policy.  Individuals found to be in violation of local, Commonwealth or Federal regulations or laws will be referred to the University Security Office for case disposition.
       
5.0 Revision History
Last updated:  2/04/2004


 


© All Rights Reserved by The Pennsylvania State University, College of Engineering