Educause Security Discussion mailing list archives
Re: GWU and content monitoring
From: Randy Marchany <marchany () VT EDU>
Date: Sun, 23 Jul 2006 18:01:17 -0400
As a simplistic analogy - you can compare it to IDS/IPS technology. While we all certainly have a percentage of encrypted traffic on the network, anyone running IDS/IPS knows you still catch a *lot* of illegitimate activity.
Well, I've always thought that IDS/IPS should show how well a site progresses from cluelessness to cluefulness*. Awareness programs, modifications to individual business unit practices, successful data classification programs, security reviews, etc. all form a piece of the puzzle. I hope GWU is not relying on any 1 piece to declare they're "data disclosure free". I also worry about placing the onus of protection on the central IT group. This makes all too easy for a dept to say "not our problem, THEY screwed up." I modify Tip O'Neill's quote: "all security MUST be local". -Randy Marchany VA Tech IT Security Office/Lab p.s. cluefulness: the state where an individual or dept. could get a clue by rubbing themselves with clue musk oil and standing out in a field of horny clues in the middle of clue mating season. (derived from a famous internet yo-mama moment by V. Kletnieks)
Current thread:
- GWU and content monitoring Jeff Brainard (Jul 18)
- <Possible follow-ups>
- Re: GWU and content monitoring Gary Flynn (Jul 18)
- Re: GWU and content monitoring Gary Golomb (Jul 18)
- Re: GWU and content monitoring Gerry Sneeringer (Jul 19)
- Re: GWU and content monitoring Roger Safian (Jul 19)
- Re: GWU and content monitoring Gary Golomb (Jul 19)
- Re: GWU and content monitoring Randy Marchany (Jul 23)