Educause Security Discussion mailing list archives

Re: Data capture protection for security staff

From: Martin Manjak <mm376 () ALBANY EDU>
Date: Tue, 9 Sep 2008 16:00:54 -0400

Here are a few links. The first covers SysAdmin responsibilities and the
second is the text of our log-in banner:

1. http://www.albany.edu/policies/computer_usage/#sysadmin
2. http://www.albany.edu/its/authorizeduse.htm

Since you asked specifically about the discovery of unauthorized
activities, I'm also including one of the sections from the SysAdmins
duties:
*
Policy Violations and Criminal Activity:* If the system administrator,
in the performance of duties, uncovers information that an individual is
acting inconsistent with this policy, or discovers evidence of criminal
activity, the system administrator must report such findings to the
appropriate authority.

On Sep 9, 2008, at 3:20 PM, Young, Beth A. wrote:

I am looking for example statements that people have used for permission
to do packet captures or other traffic/computer analysis that may
involved confidential information whether that statement is a blanket
policy statement warning every user that there is no expectation of
privacy or statements included in job descriptions.


--
Martin Manjak
Information Security Officer
University at Albany
CISSP, GIAC GSEC-G, GCIH, GCWN

Current thread:

Data capture protection for security staff Young, Beth A. (Sep 09)
- <Possible follow-ups>
- Re: Data capture protection for security staff Bob Kalal (Sep 09)
- Re: Data capture protection for security staff Martin Manjak (Sep 09)
- Re: Data capture protection for security staff Basgen, Brian (Sep 09)
- Re: Data capture protection for security staff Cal Frye (Sep 10)