Educause Security Discussion mailing list archives
Re:
From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Tue, 14 Jun 2005 17:20:12 -0600
Very interesting discussion. Are you attempting to create a policy in response to a specific event that occurred that was not expressly forbidden in the current acceptable use policy? Are you attempting to address a particular risk by creating such a policy? It seems to me that such an action would be forbidden by any ethics policy currently in place. If you falsify your identity when speaking with an university official, you are purposely committing fraud, at the very least. Regardless of communication medium, this is inappropriate behavior. You may also need to look at controls currently in place. Rather than just create another policy that could be overlooked, what technology are you going to put in place in support of your policy? (i.e Digital Signatures for email) I can't wait to hear more about your thought/decision process regarding this issue. Sincerely, Sarah E Stevens
We're looking at the possibility of providing in a policy that it
would be
an acceptable use violation to misrepresent who one is when
communicating
with a university official; particularly as it applies to employees. This is to get at the situation where someone uses an alias to
communicate
on a work related matter to someone else. I'm wondering if any of you have such a restriction in place, or
could point
me to a policy with such a restriction. Any advice or suggestions
would be
helpful. Best regards, Theresa Semmens, CISA IT Security Officer North Dakota State University IACC 210C Ph: 701-231-5870 E-mail: theresa.semmens () ndsu edu "If you believe you cannot do something, it makes you incapable of
doing it.
But when you believe you can, you acquire the ability to do it, even
if you
did not have the ability in the beginning." Mahatma Gandhi
--
Current thread:
- Re: Sarah Stevens (Jun 14)