Services

Information Security

 

​Unit Security Dashboard (USD)

The USD is the primary method for sharing security information and metrics with the University IT community.

FAQ

Ranking

An overall score / rank is calculated using a weighted score from four areas:

Ranking Screenshot

Ratios help level the playing field between large and small units

  • Live hosts, pulled from IS’s asset inventory
  • Total employees, pulled from IS’s identity inventory

 

Available Data

Scored:    
Target Overview  
Shield Vulnerabilities
  • Overdue
  • Overdue within 7 days
  • All Known (Overdue and Non-Overdue)
  • Internet Exposed Systems
  • Exceptions or Excluded from Scans
  • Subnets with Zero IPs Scanned
  • Notification Preferences
Star ATOs  
Dinosaur Unsupported OSs
  • Unsupported
  • Upcoming Within 60 Days
  • Exceptions
  • Dates Reference
     
     
Unscored:    
  Agents
  • Defender, Nessus and Splunk
  Network Perimeter
  • How to Register
  • Contacts Authorized to Submit Registration Requests
  • HTTP / HTTPS Registrations Already Approved
  Cloud
  • Defender, Nessus and Splunk
  IAM
  • Compromised Accounts
  • EAD and CyberArk Adoption
  • Reported Phishing E-mails
  • Using Basic Authentication with Office 365 Services
  Incidents  
  Risk  
  Resources
  • Asset Attribution
  • Security Training History
  • Dashboard Access
  • Dashboard Last Login Info

what can I access

Frequently Asked Questions

Click each topic below to expand it.

don't modify this so accordion stays closed

1. How often does the data refresh?

The data refreshes automatically once per day in the morning, typically finishing around 7:20 AM.

There is a complicated chain of dependencies for each search, so while the updates are finished by 7:20 AM, a specific data source may have been updated earlier than that.  For example:

  • The ATO data from ServiceNow comes in everyday at 12:10 AM, so any changes made to ATOs after 12:10 AM time will not be reflected in the USD until the next day’s refresh
  • Tenable vulnerability scan data is imported into Splunk at defined intervals, with the nearest occurring at 04:00 AM.  This means that a network vulnerability scan must have finished and been imported prior to 04:00, otherwise the data will not be reflected in the USD until the next day’s refresh

OIS is aware that it would be extremely helpful to display the last refresh time for the various data elements on the USD, but cannot easily do so right now due to limitations in Splunk dashboards. 

2. What data sources are used?

3. How do I get access to the USD?

By default, the following individuals have access to their respective Unit(s)/Sub-Unit(es) within the USD:

  • IT Director
  • Security Liaisons

If you do not fall into one of these categories, but would like access, ask someone above to contact unitsecdashboard@psu.edu and request access on your behalf.

4. How do I access the USD?

The URL is: https://splunk.ois.psu.edu/en-US/app/unit_security_dashboard/unit_security_dashboard

Note that you also must be on a Penn State network (e.g. the Penn State VPN or a Penn State wired or wireless network)

5. I addressed a vulnerability (e.g. by applying a patch). Why is it still showing up on the USD?

The likeliest explanations are:

  1. You didn’t actually address what the Nessus scan flagged.  Review the ‘Plugin Output’ to see what the latest scan results are flagging.
  2. A scan has not run since the vulnerability was addressed
    • Agent scans typically run twice a day. The exact time is negotiated with OIS at the time of set-up, and varies per unit.
    • Network scans run once per day on known critical/high vulnerabilities
  3. The USD has not refreshed since the scan verified the vulnerability was addressed.  See the previous question on the refresh rate of the USD.