Educause Security Discussion mailing list archives

Re: Data capture protection for security staff

From: Bob Kalal <kalal.1 () OSU EDU>
Date: Tue, 9 Sep 2008 15:30:16 -0400

On Sep 9, 2008, at 3:20 PM, Young, Beth A. wrote:

I am looking for example statements that people have used for
permission
to do packet captures or other traffic/computer analysis that may
involved confidential information whether that statement is a blanket
policy statement warning every user that there is no expectation of
privacy or statements included in job descriptions.


Here's our notice from our responsible use policy ...
"Users should also be aware that their uses of university computing
resources are not completely private. While the university does not
routinely monitor individual usage of its computing resources, the
normal operation and maintenance of the university's computing
resources require the backup and caching of data and communications,
the logging of activity, the monitoring of general usage patterns, and
other such activities that are necessary for the rendition of service.
The university may also specifically monitor the activity and accounts
of individual users of university computing resources, including
individual login sessions and communications, without notice, when (a)
the user has voluntarily made them accessible to the public, as by
posting to Usenet or a web page; (b) it reasonably appears necessary
to do so to protect the integrity, security, or functionality of
university or other computing resources or to protect the university
from liability; (c) there is reasonable cause to believe that the user
has violated, or is violating, this policy; (d) an account appears to
be engaged in unusual or unusually excessive activity, as indicated by
the monitoring of general activity and usage patterns; or (e) it is
otherwise required or permitted by law. Any such individual
monitoring, other than that specified in "(a)", required by law, or
necessary to respond to perceived emergency situations, must be
authorized in advance by the Chief Information Officer or the Chief
Information Officer's designees. "

Bob Kalal
Director, Information Technology Policy & Services
Office of the Chief Information Officer
The Ohio State University

Current thread:

Data capture protection for security staff Young, Beth A. (Sep 09)
- <Possible follow-ups>
- Re: Data capture protection for security staff Bob Kalal (Sep 09)
- Re: Data capture protection for security staff Martin Manjak (Sep 09)
- Re: Data capture protection for security staff Basgen, Brian (Sep 09)
- Re: Data capture protection for security staff Cal Frye (Sep 10)