Re: Releasing details

["David, Elaine" <elaine.david () UCONN EDU>]

At the University of Connecticut we have a similar process to the one that Chad describes. There are only a select 
number of individuals from whom we will accept requests to engage in investigations and provide information (e.g. 
Public Safety, HR (for labor relations type investigations), etc.)

- Elaine

Elaine David
Assistant Vice President for Information Services
Director of Information Technology Security, Policy & Quality Assurance
University of Connecticut
Storrs, Connecticut 06269-3138 
Phone: (860) 486-1362
Fax: (860) 486-5744
Email: Elaine.David () uconn edu

 

CONFIDENTIALITY NOTICE: If you have received this e-mail in error, please immediately notify the sender by e-mail at 
the address shown and delete all copies of this message. This e-mail transmission may contain information that is 
proprietary, privileged, confidential, or otherwise legally exempt from disclosure. If you are not the named addressee, 
please be aware that you are not authorized to open, read, print, retain, copy, or disseminate this message or any part 
of it. Thank you for your compliance.

 
-----Original Message-----
From: Chad McDonald [mailto:chad.mcdonald () GCSU EDU] 
Sent: Wednesday, January 23, 2008 8:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Releasing details

We advise them to file a complaint with our Public Safety Office.  PS
then brings the complaint to me and the investigation begins in
conjunction a campus detective.  I think it's important to treat this as
a potentially criminal matter for a number of reasons:
1)  If you don't treat it as a criminal matter, and it later turns into
one, then you may have already compromised any evidence.
2)  It is a serious matter and we need to send a consistent.
3)  If you treat it as a criminal case, there is always the possibility
of dropping the charges later.
4)  It weeds out a lot of the "my dog ate my homework" scenarios.

Hope this helps,

Chad McDonald, CISSP, CISA, PMP
Chief Information Security Officer
Georgia College & State University
Phone   478.445.4473
Cell    478.454.8250
Fax     478.445.1202
Email   chad.mcdonald () gcsu edu

> We sometimes get requests from student and staff that read something
> like the following:
>
> "Joan Doe called the Help Desk asking for if we could trace an IP
address of a
> computer that sent an email from her account on January 19 sometime
> around 3:30 AM. 
> She said that someone had hacked into her email account and deleted some
> messages as well as sent some. She has since then changed her password
> but is now
> looking to take action on the person that sent it."
>
> Do you have protocols on how you handle such an incident?  In most of
> these cases, the logins look authentic - i.e., the real ID and password
> were used. 
>
>
> -- 
> Theresa Rowe
> Chief Information Officer
> rowe () oakland edu
> Oakland University