Services

Information Security

Unit Security Dashboard (USD)

The USD is the primary method for sharing security information and metrics with the University IT community.

FAQ

Ranking

An overall score / rank is calculated using a weighted score from four areas:

60%: Overdue Vulnerabilities exceeding the AD95: Vulnerability management standard remediation timelines
20%: ATOs based on progress through the phases
15%: Unsupported Operating Systems, i.e. systems that vendors no longer provide security patches for
5%: IS Initiatives that are past the deadline

Ranking Screenshot

Ratios help level the playing field between large and small units

Live hosts, pulled from IS’s asset inventory
Total employees, pulled from IS’s identity inventory

Available Data

Scored:
	Overview
	Vulnerabilities	Overdue Overdue within 7 days All Known (Overdue and Non-Overdue) Internet Exposed Systems Exceptions or Excluded from Scans Subnets with Zero IPs Scanned Notification Preferences
	ATOs
	Unsupported OSs	Unsupported Upcoming Within 60 Days Exceptions Dates Reference


Unscored:
	Agents	Defender, Nessus and Splunk
	Network Perimeter	How to Register Contacts Authorized to Submit Registration Requests HTTP / HTTPS Registrations Already Approved
	Cloud	Defender, Nessus and Splunk
	IAM	Compromised Accounts EAD and CyberArk Adoption Reported Phishing E-mails Using Basic Authentication with Office 365 Services
	Incidents
	Risk
	Resources	Asset Attribution Security Training History Dashboard Access Dashboard Last Login Info

what can I access

Frequently Asked Questions

Click each topic below to expand it.

don't modify this so accordion stays closed

1. How often does the data refresh?

The data refreshes automatically once per day in the morning, typically finishing around 7:20 AM.

There is a complicated chain of dependencies for each search, so while the updates are finished by 7:20 AM, a specific data source may have been updated earlier than that. For example:

The ATO data from ServiceNow comes in everyday at 12:10 AM, so any changes made to ATOs after 12:10 AM time will not be reflected in the USD until the next day’s refresh
Tenable vulnerability scan data is imported into Splunk at defined intervals, with the nearest occurring at 04:00 AM. This means that a network vulnerability scan must have finished and been imported prior to 04:00, otherwise the data will not be reflected in the USD until the next day’s refresh

OIS is aware that it would be extremely helpful to display the last refresh time for the various data elements on the USD, but cannot easily do so right now due to limitations in Splunk dashboards.

2. What data sources are used?

3. How do I get access to the USD?

By default, the following individuals have access to their respective Unit(s)/Sub-Unit(es) within the USD:

IT Director
Security Liaisons

If you do not fall into one of these categories, but would like access, ask someone above to contact unitsecdashboard@psu.edu and request access on your behalf.

4. How do I access the USD?

The URL is: https://splunk.ois.psu.edu/en-US/app/unit_security_dashboard/unit_security_dashboard

Note that you also must be on a Penn State network (e.g. the Penn State VPN or a Penn State wired or wireless network)

5. I addressed a vulnerability (e.g. by applying a patch). Why is it still showing up on the USD?

The likeliest explanations are:

You didn’t actually address what the Nessus scan flagged. Review the ‘Plugin Output’ to see what the latest scan results are flagging.
A scan has not run since the vulnerability was addressed
- Agent scans typically run twice a day. The exact time is negotiated with OIS at the time of set-up, and varies per unit.
- Network scans run once per day on known critical/high vulnerabilities
The USD has not refreshed since the scan verified the vulnerability was addressed. See the previous question on the refresh rate of the USD.