ISC's Office of Information Security is responsible for maintaining the security of Penn's digital assets. Per the University Policy on Privacy in the Electronic Environment, the Office of Information Security is authorized to access University electronic information only under specific circumstances, such as:
- Complying with legal orders when investigating a violation of law or serious infraction of policy
- Maintaining the integrity of a University computing system
- Assisting in an emergency
- Preventing distribution to the University business processes
However, and whenever possible, the University's need for any information will be met simply by asking an individual for it.
The Office of Information Security uses various technologies to ensure the integrity of Penn's networks. Such technologies may include:
- An Intrusion Detection System (IDS) to alert on anomalous or malicious activity
- Network and system log files that can be queried to assist in an investigation or to detect malicious activity
- Vulnerability scanning tools to detect platform and application weaknesses, including the use of default credentials
Examples of malicious and unauthorized activities can be found in the University's Acceptable Use Policy.
No Information Security function should interfere with the University's commitment to the principles of open expression presented in the University Guidelines on Open Expression.
Questions or concerns about how the Office of Information Security operates these network technologies should be directed to the University Information Officer at security@isc.upenn.edu.