Educause Security Discussion mailing list archives
Process / Forms for Students voluntarily surrendering computers
From: James H Moore <jhmfa () RIT EDU>
Date: Fri, 22 Oct 2004 17:18:06 -0400
Sorry for the cross-post but this deals in both areas. Common situation (at FIT - Ficticious Institute of Technology), Sally Student scans the Whitehouse, or NSA, ... We get a polite request to investigate. We go to Sally, and ask why she has been trying to fingerprint government systems. She denies all knowledge, and we ask if we can look at her system. She loans us her notebook. What is good wording for voluntary release? What is a good investigative process? So that, 1) We avoid liability (e.g. we don't mess up her drive while investigating, and accidentally delete the folder with her thesis and research in it.) 2) We prepare for student judicial, in case, she thinks that she has erased all the evidence, but hasn't. 3) What do we disclose to Sally (or the university), and when about our investigative process. What questions did I miss? - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Office: 585-475-5406 Lab: 585-475-4122 Fax: 585-475-7950 "In the middle of difficulty lies opportunity." Albert Einstein "The release of new internet threats have not created a new problem. It has merely made more urgent the necessity of solving an existing one." Parallels quote by Albert Einstein on atomic energy ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Attachment:
smime.p7s
Description:
Current thread:
- Process / Forms for Students voluntarily surrendering computers James H Moore (Oct 22)