Educause Security Discussion mailing list archives
Re: Releasing details
From: Gary Dobbins <dobbins () ND EDU>
Date: Tue, 22 Jan 2008 17:02:39 -0500
We (central IT Information Security) would refer them to the appropriate University office (e.g. Student Affairs), or to the campus police if they are pursuing a suspected criminal activity. We then provide those offices' investigators with supporting IT information (e.g. logs) upon request. From: Theresa Rowe [mailto:rowe () OAKLAND EDU] Sent: Tuesday, January 22, 2008 4:32 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Releasing details We sometimes get requests from student and staff that read something like the following: "Joan Doe called the Help Desk asking for if we could trace an IP address of a computer that sent an email from her account on January 19 sometime around 3:30 AM. She said that someone had hacked into her email account and deleted some messages as well as sent some. She has since then changed her password but is now looking to take action on the person that sent it." Do you have protocols on how you handle such an incident? In most of these cases, the logins look authentic - i.e., the real ID and password were used. -- Theresa Rowe Chief Information Officer rowe () oakland edu Oakland University
Current thread:
- Releasing details Theresa Rowe (Jan 22)
- <Possible follow-ups>
- Re: Releasing details Bristol, Gary L. (Jan 22)
- Re: Releasing details Willis Marti (Jan 22)
- Re: Releasing details Gary Dobbins (Jan 22)
- Re: Releasing details Roger Safian (Jan 22)
- Re: Releasing details Joel Rosenblatt (Jan 22)
- Re: Releasing details Chad McDonald (Jan 23)
- Re: Releasing details David, Elaine (Jan 23)
- Re: Releasing details Sherry, Cathy (Jan 23)
- Re: Releasing details Eric Jernigan (Jan 23)
- Re: Releasing details Willis Marti (Jan 23)