Educause Security Discussion mailing list archives
Re: Network IPS Information Security Policy
From: Willis Marti <wmarti () TAMU EDU>
Date: Sat, 14 Nov 2009 13:01:38 -0600
randy marchany wrote:
This is an interesting thread and I have another question to ask. Given the nature of IPS and it's ability to basically read any email, chat, or any data sent through the wire, how are institutions dealing with the potential public relations nightmare of explaining to your constituents that this device and its keepers have that ability?
The issue occurs in other situations besides an IPS. Sysadmins could read any/all mail on a system. The network group could identify people who visit gambling sites, porn sites, eBay during the work day... You get the idea. We try to define the limits of "privacy" (from a technical and legal standpoint users have almost none) *and* the limits on divulging information. E.g., under the Texas Public Information Act all email could be requested but sysadmins may not just go browsing through it. Cheers, Willis Marti Director & CISO Networking and Information Security Texas A&M University
Current thread:
- Re: Network IPS Information Security Policy, (continued)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy Joel Rosenblatt (Nov 13)
- Re: Network IPS Information Security Policy Basgen, Brian (Nov 13)
- Re: Network IPS Information Security Policy Alex (Nov 13)
- Re: Network IPS Information Security Policy Gary Dobbins (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy randy marchany (Nov 13)
- Re: Network IPS Information Security Policy Basgen, Brian (Nov 13)
- Re: Network IPS Information Security Policy Willis Marti (Nov 14)
- Re: Network IPS Information Security Policy Pete Hickey (Nov 14)
- Re: Network IPS Information Security Policy Thomas R. Davis (Nov 18)