Proper monitoring can help a district be proactive and address potential threats and other issues before harm occurs. Logging and monitoring are essential to ensuring the integrity of district data. Logging involves keeping a record of changes and actions related to the district’s network and computer systems. Monitoring involves timely review of logged activities to ensure they are appropriate.
Most accounting and student information systems, as well as their databases, have logging functionality built in, often enabled by default. On the IT infrastructure side, operating systems and network devices, such as firewalls, web filters, and anti-malware products, can also be configured to log activities and events for review. IT staff often need to enable this type of logging manually, and doing so can add value to operations.
Due to the nature of IT systems, logs can quickly become unmanageable in length. As a result, a district should determine the key activities or critical IT events and areas to log and monitor, such as those affecting security, availability, and appropriate use of its computer systems and other resources. Once the district has identified data classifications, such as sensitive data, and the IT activities and events it is most concerned about, such as unauthorized users accessing the network, it should log and monitor these events and follow up when something occurs that requires attention. The district should review these logs on a regular basis (i.e., daily, weekly, or monthly), depending on the district’s specific needs, to ensure appropriate actions are taken to resolve identified issues. Some organizations find it useful to develop or acquire software to help them correlate, monitor, alert, and report on the events they decide to log.
IT should generally be responsible for logging and monitoring efforts; however, it is also important for decision-makers and system managers to be accountable for identifying those key activities that should be monitored, such as activities that do not have a compensating control elsewhere or that pose a separation of duties issue. System managers should also monitor logged activity reports to help ensure that activities are appropriate, and should follow up on and remediate any questionable activities if necessary.