/policies/,/policies/administrative/,/policies/administrative/uwhc/,/policies/administrative/uwhc/department-specific/,/policies/administrative/uwhc/department-specific/information-services/,/policies/administrative/uwhc/department-specific/information-services/is-procedures/,

/policies/administrative/uwhc/department-specific/information-services/is-procedures/inpro-010-.policy

201605144

page

100

UWHC,UWMF,

Policies,Administrative,UWHC,Department Specific,Information Services,IS Procedures

Monitoring Systems and the Network Procedure (IN–PRO-010 )

Monitoring Systems and the Network Procedure (IN–PRO-010 ) - Policies, Administrative, UWHC, Department Specific, Information Services, IS Procedures

IN–PRO-010


Administrative Departmental Procedure
This department-specific procedure applies to the operations and staff of the Information Services
Department of the University of Wisconsin Hospitals and Clinics Authority as integrated effective July 1,
2015.

Procedure Title: Monitoring Systems and the Network
Procedure Number: IN-PRO-010
Effective Date: 5/20/2016
Chapter: NA
Version: (Original or Revision)
I. PURPOSE
This procedure describes the processes for:
• Monitoring computing systems and the network to protect and secure PHI and UW
Health business information.
• Logging events on network equipment and servers so sufficient information exists to
identify and resolve errors and potential problems.


II. DEFINITIONS (optional)
NA


III. POLICY ELEMENTS
This procedure supports the following policy:

Monitoring Systems and the Network Policy


IV. PROCEDURE
Management of Logging/Monitoring

UW Health IS staff are assigned to manage the logging and monitoring of network and server
systems, as follows.

System
Software
Responsible Group
Review
Frequency
Method
Windows
UW Health IS Server Analysts
Daily
Event driven
Automated tools
Windows Server Event Viewer
Proprietary tools from hardware
vendors
Manual review by authorized
staff

Novell
UW Health IS Server Analysts Event driven
Automated tools
Manual review by authorized
staff
UNIX/LINU
X
UW Health IS Server Analysts
Database Administrators
Event driven Automated e-Mail notifications
Network
Infrastructur
e
UW Health IS Data Network
Server Analysts
Daily
Event driven
Automated tools
Manual review by authorized
staff

Event Logging/Monitoring

There are several systems that log and monitor UW Health computing systems and network
traffic.

System Description
Syslog Server A central syslog server that receives syslog entries from
all routers, Layer 3 switches, and firewalls. Syslog
entries are compiled, organized by device and date, and
then stored for future reference.
Intrusion Detection and Prevention
(IDP)
Analyzes the network to identify unusual traffic. This
system resides on the periphery of the network, just
inside the firewall, where it can gather data on threats to
and from the external Internet. Alerts for unusual
behavior are generated and IS security personnel to
address.
Netflow Analyzer Analyzes netflow data from key routers in the network
core and identifies unusual network traffic. Because the
routers analyzed encounter nearly all network traffic, this
system is able to correlate events against a netflow
database and recognize significant changes in volume or
type of traffic. Alerts are generated accordingly and
emailed to the IS Senior Security Consultant.
Hardware Health Monitor Monitors the integrity of network and server hardware.
Software Health Monitor Monitors the integrity of network and server software.
Availability Monitor Monitors network connectivity, services, and disk space.
Web Traffic Monitor Records all Web traffic to external resources.


V. FORMS (optional)
NA


VI. REFERENCES (optional)
NA



VII. COORDINATION

Sr. Management Sponsor: UW Health IS CTO
Author: UW Health IS Server Manager
Reviewer(s): UW Health IS Directors

Approval Committee: UW Health CIO

SIGNED BY:
UW Health CIO

Revision Detail:

Effective Date Next Review Summary of Changes Change Authors
5/20/2016 5/20/2017 Annual review/revision. C. Frank, B. Gross, E. Bakkum
7/21/2014 7/21/2015 Original release.
T. Borchert, D. Jaworski, S. Schroeder,
J. Leonard