Section 5: Security Monitoring
Monitoring and logging all security events and incidents provides TxDOT the ability to recognize, react to, and mitigate actions that threaten to disrupt the availability and integrity of TxDOT information assets. The information provided in this section is part of the Agency’s Intrusion Prevention Policy. It addresses the “Detect” objective of the Texas CyberSecurity Framework.
TxDOT strategically deploys monitoring devices to detect when physical access to its information resources occurs. The information collected from security incidents and events must be retained according to the Records Retention Schedule. TxDOT will use real-time monitoring to:
- assess the information and data transfers to and from TxDOT’s network
- monitor the health of its equipment, including currency of hardware and software
- determine if unauthorized access has occurred
- analyze how the information movement correlates to risk assessments and security plans.
Individuals who use TxDOT information resources must monitor both physical and digital access, use, and health of the information resources they use. Any security incident or event detected must be immediately forwarded to the TxDOT Information Security Office for response and mitigation.
The Information Security Officer must ensure that:
- information owners and custodians adhere to TxDOT's security monitoring standards
- incidents and events are evaluated and mitigated according to the risk management framework
- individuals comply with the security monitoring standards issued in the Intrusion Prevention Policy.
Compliance and Standards
See the “Security Monitoring Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Intrusion Prevention Policy.