Educause Security Discussion mailing list archives

Re: Releasing details

From: Willis Marti <wmarti () TAMU EDU>
Date: Tue, 22 Jan 2008 15:57:26 -0600

Theresa Rowe wrote:

We sometimes get requests from student and staff that read something
like the following:

"Joan Doe called the Help Desk asking for if we could trace an IP
address of a
computer that sent an email from her account on January 19 sometime
around 3:30 AM.
She said that someone had hacked into her email account and deleted some
messages as well as sent some. She has since then changed her password
but is now
looking to take action on the person that sent it."

Do you have protocols on how you handle such an incident?  In most of
these cases, the logins look authentic - i.e., the real ID and
password were used.

Theresa,
We have a formal rule that says when "Joan" makes a complaint, it gets
investigated by our central computing group. We can look at logs on the
source PC. Information gathered is forwarded with the complaint to
Student Services for resolution. We do not release info to the complainer.
Cheers,
Willis Marti
Director & CISO
Networking and Information Security
Texas A&M University

Current thread:

Releasing details Theresa Rowe (Jan 22)
- <Possible follow-ups>
- Re: Releasing details Bristol, Gary L. (Jan 22)
- Re: Releasing details Willis Marti (Jan 22)
- Re: Releasing details Gary Dobbins (Jan 22)
- Re: Releasing details Roger Safian (Jan 22)
- Re: Releasing details Joel Rosenblatt (Jan 22)
- Re: Releasing details Chad McDonald (Jan 23)
- Re: Releasing details David, Elaine (Jan 23)
- Re: Releasing details Sherry, Cathy (Jan 23)
- Re: Releasing details Eric Jernigan (Jan 23)
- Re: Releasing details Willis Marti (Jan 23)