Auditing, Event Monitoring and Breach Protocol in UBbox

Auditing and Event Monitoring

A key part of ensuring the security of restricted data is auditing access to the data.  Auditing is also a HIPAA requirement.  The Splunk add-on for UBbox is hosted centrally by UBIT to provide auditing capabilities to security/privacy officials, data stewards, and their designees.  Splunk will be configured to retain log files for 6 years plus 180 days, in accordance with HIPAA requirements.

All restricted data access will be logged in Splunk.  For each access event, at a minimum, the following information will be logged:

  • The UBITName that accessed the data
  • Name of the folder or file accessed
  • Date & time of the access
  • Client IP 
  • Action taken on sensitive data folder or file

The following restricted data access events will be logged and will produce email alerts sent to the data stewards and Security/Privacy Officials:

  • A collaboration invitation was issued for a folder 
  • Data from a folder was downloaded
  • A subfolder was created with a name that doesn't follow proper naming protocol

Breach Protocol

In the event of a restricted data breach, notify the Information Security Office, data steward, and security/privacy officials.