Services
Information Security
Unit Security Dashboard (USD)
The USD is the primary method for sharing security information and metrics with the University IT community.
Performance Rating
An overall rating is calculated by taking the average system compliance percentage across three areas:
- Overdue Vulnerabilities exceeding the AD95: Vulnerability management standard remediation timelines
- Unsupported Operating Systems
- Installation of the Security Agents (Nessus, Defender and Splunk UF)
There are four different ratings based on overall compliance:
- Cybersecurity Vanguard- Less than 85% of systems compliant with AD95 standards
- Cybersecurity Champion- Between 85% and 90% of systems compliant with AD95 standards
- Cybersecurity Hero- Between 90% and 98% of systems compliant with AD95 standards
- Cybersecurity Legend- 99% or more of systems compliant with AD95 standards
Available Data
Overview | |
Vulnerabilities |
|
ATOs | |
Unsupported OSs |
|
Agents |
|
Inventory |
|
Firewall |
|
Incidents |
|
Resources |
|
Frequently Asked Questions
Click each topic below to expand it.
How do I get access to the USD?
By default, the following individuals have access to their respective Unit(s)/Sub-Unit(es) within the USD:
- IT Director
- Security Liaisons
If you do not fall into one of these categories, but would like access, ask someone above to contact unitsecdashboard@psu.edu and request access on your behalf.
How do I access the USD?
The URL is: https://search.splunk.psu.edu/en-US/app/unit_security_dashboard/unit_security_dashboard__overview
Note that you also must be on a Penn State network (e.g. the Penn State VPN or a Penn State wired or wireless network)
I addressed a vulnerability (e.g. by applying a patch). Why is it still showing up on the USD?
The likeliest explanations are:
- You didn’t actually address what the Nessus scan flagged. Review the ‘Plugin Output’ to see what the latest scan results are flagging.
- A scan has not run since the vulnerability was addressed
- Agent scans typically run twice a day. The exact time is negotiated with OIS at the time of set-up, and varies per unit.
- Network scans run once per day on known critical/high vulnerabilities
- The USD has not refreshed since the scan verified the vulnerability was addressed. See the previous question on the refresh rate of the USD.