Educause Security Discussion mailing list archives

Re: Releasing details


From: Chad McDonald <chad.mcdonald () GCSU EDU>
Date: Wed, 23 Jan 2008 08:11:04 -0500

We advise them to file a complaint with our Public Safety Office.  PS
then brings the complaint to me and the investigation begins in
conjunction with a campus detective.  I think it's important to treat this as
a potentially criminal matter for a number of reasons:
1)  If you don't treat it as a criminal matter, and it later turns into
one, then you may have already compromised any evidence.
2)  It is a serious matter and we need to send a consistent.
3)  If you treat it as a criminal case, there is always the possibility
of dropping the charges later.
4)  It weeds out a lot of the "my dog ate my homework" scenarios.

Hope this helps,

Chad McDonald, CISSP, CISA, PMP
Chief Information Security Officer
Georgia College & State University
Phone   478.445.4473
Cell    478.454.8250
Fax     478.445.1202
Email   chad.mcdonald () gcsu edu

We sometimes get requests from students and staff that read something
like the following:

"Joan Doe called the Help Desk asking if we could trace an IP address
of a computer that sent an email from her account on January 19
sometime around 3:30 AM. She said that someone had hacked into her
email account and deleted some messages as well as sent some. She has
since then changed her password but is now looking to take action on
the person that sent it."

Do you have protocols on how you handle such an incident?  In most of
these cases, the logins look authentic - i.e., the real ID and password
were used.


--
Theresa Rowe
Chief Information Officer
rowe () oakland edu
Oakland University
