Educause Security Discussion mailing list archives
Re: Releasing details
From: "David, Elaine" <elaine.david () UCONN EDU>
Date: Wed, 23 Jan 2008 08:17:28 -0500
At the University of Connecticut we have a similar process to the one that Chad describes. There are only a select number of individuals from whom we will accept requests to engage in investigations and provide information (e.g. Public Safety, HR (for labor relations type investigations), etc.) - Elaine Elaine David Assistant Vice President for Information Services Director of Information Technology Security, Policy & Quality Assurance University of Connecticut Storrs, Connecticut 06269-3138 Phone: (860) 486-1362 Fax: (860) 486-5744 Email: Elaine.David () uconn edu CONFIDENTIALITY NOTICE: If you have received this e-mail in error, please immediately notify the sender by e-mail at the address shown and delete all copies of this message. This e-mail transmission may contain information that is proprietary, privileged, confidential, or otherwise legally exempt from disclosure. If you are not the named addressee, please be aware that you are not authorized to open, read, print, retain, copy, or disseminate this message or any part of it. Thank you for your compliance. -----Original Message----- From: Chad McDonald [mailto:chad.mcdonald () GCSU EDU] Sent: Wednesday, January 23, 2008 8:11 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Releasing details We advise them to file a complaint with our Public Safety Office. PS then brings the complaint to me and the investigation begins in conjunction a campus detective. I think it's important to treat this as a potentially criminal matter for a number of reasons: 1) If you don't treat it as a criminal matter, and it later turns into one, then you may have already compromised any evidence. 2) It is a serious matter and we need to send a consistent. 3) If you treat it as a criminal case, there is always the possibility of dropping the charges later. 4) It weeds out a lot of the "my dog ate my homework" scenarios. Hope this helps, Chad McDonald, CISSP, CISA, PMP Chief Information Security Officer Georgia College & State University Phone 478.445.4473 Cell 478.454.8250 Fax 478.445.1202 Email chad.mcdonald () gcsu edu
We sometimes get requests from student and staff that read something like the following: "Joan Doe called the Help Desk asking for if we could trace an IP
address of a
computer that sent an email from her account on January 19 sometime around 3:30 AM. She said that someone had hacked into her email account and deleted some messages as well as sent some. She has since then changed her password but is now looking to take action on the person that sent it." Do you have protocols on how you handle such an incident? In most of these cases, the logins look authentic - i.e., the real ID and password were used. -- Theresa Rowe Chief Information Officer rowe () oakland edu Oakland University
Current thread:
- Releasing details Theresa Rowe (Jan 22)
- <Possible follow-ups>
- Re: Releasing details Bristol, Gary L. (Jan 22)
- Re: Releasing details Willis Marti (Jan 22)
- Re: Releasing details Gary Dobbins (Jan 22)
- Re: Releasing details Roger Safian (Jan 22)
- Re: Releasing details Joel Rosenblatt (Jan 22)
- Re: Releasing details Chad McDonald (Jan 23)
- Re: Releasing details David, Elaine (Jan 23)
- Re: Releasing details Sherry, Cathy (Jan 23)
- Re: Releasing details Eric Jernigan (Jan 23)
- Re: Releasing details Willis Marti (Jan 23)