Information Security and Network Monitoring

Per University policy [1], the Office of Information Security is authorized to access University electronic information only under specific circumstances, including: to comply with legal orders; when investigating a violation of law or serious infraction of policy; to maintain the integrity of a University computing system; to assist in an emergency; or in the case of staff, as necessary to allow University business to proceed. Whenever possible the University's need for any information will be met simply by asking an individual for it.

In support of our mission, Information Security uses various technologies to ensure the integrity of Penn's networks, including devices that alert on anomalous or malicious activity (e.g., an Intrusion Detection System, or IDS) and network and system log files that can be queried to assist in an investigation. Examples of malicious and unauthorized activities can be found in the University's Acceptable Use policy [2]

These responsibilities notwithstanding, no Information Security functions should interfere with the University's commitment to the principles of open expression [3].

Questions or concerns about how the Office of Information Security operates these network technologies should be directed to the University Information Security Officer at security@isc.upenn.edu.

[1] Policy on Privacy in the Electronic Environment
http://www.upenn.edu/provost/PennBook/policy_on_privacy_in_the_electronic_environment

[2] Policy on Acceptable Use of Electronic Resources
http://www.upenn.edu/computing/policy/aup.html

[3] Guidelines on Open Expression
http://www.upenn.edu/provost/images/uploads/Guidelines_on_Open_Expression.pdf

Last updated: Thursday, November 29, 2012