Information Security personnel utilize various methods to perform electronic scans of the University’s Networks and Firewalls, or on any system connected to the University Information Technology Network.

Information Security personnel are authorized to conduct audits to:

• Ensure integrity, confidentiality and availability of information and resources
• Investigate possible Security incidents
• Ensure compliance to University Information Technology Policies and Procedures documentation
• Monitor Authorized User or system activity where appropriate

Authorization to Audit

Only Information Security personnel or other specifically authorized parties may audit devices that are owned by the University or are connected to the University Information Technology Network. Third-party organizations may only perform audits with the explicit written permission of the Information Technology Services department.

Access

Information Security personnel shall be granted access to the following in order to effectively perform audits:

• User level or system level access to any computing or communications device
• Access to information (electronic, hardcopy, etc.) that may be produced, transmitted or stored on the University Information Technology Network
• Access to work areas (labs, offices, cubicles, storage areas, etc.)
• Access to interactively monitor and Log traffic on the University Information Technology Network

Remediation

Information Security personnel will report all results to the appropriate supervisory personnel and will follow up with the processes necessary to resolve any exceptions.