Continuous Vigilance Policy

Purpose

To provide É«ÖÐÉ« with guidance to develop and implement the appropriate activities to identify the occurrence of an information security event.

Policy

The É«ÖÐÉ« system, system components, and assets are monitored at discrete intervals to identify information security events and to verify the effectiveness of protective measures.

É«ÖÐÉ« detection processes and procedures are maintained to provide for the identification of information security events. Detection processes are tested and revised to ensure the timely notification of anomalous events to the appropriate É«ÖÐÉ« responsible parties.

Summary

  • A continuous vigilance strategy has been developed that includes the establishment of monitored network metrics, ongoing security status monitoring and analysis of data gathered through assessments
  • É«ÖÐÉ« monitors the network to detect unauthorized connections or unauthorized use of the network
  • É«ÖÐÉ« reviews proposed configuration-controlled changes and either approves or disapproves them with consideration for security impact
  • Physical environment is also established and monitored by monitoring physical access to the facility housing the College system, monitoring alarms and surveillance equipment and reviewing physical access logs.
  • Personnel vigilance includes establishment of user metrics, security control assessments and status monitoring
  • É«ÖÐÉ« employs malicious code protection mechanisms where necessary and appropriate
  • Third parties are also monitored and assessed in accordance with the Continuous Vigilance Program
  • Providers of external system services must comply with state and federal laws and regulations and employ reasonable security controls

Continuous Vigilance Policy Details [pdf]