Re: Security Investigations

[Kevin McKenzie <pappy () CLEMSON EDU>]

Our Office of IT Security and Privacy(OISP) handles the technical aspect of
computer investigations.  We do the leg work for many of the departments on
campus.  How we have set it up is as follows, and hopefully it protects
everyone.

We will respond to 5 entities on campus:  Human Resources, Internal
Auditors, General Counsel, Law Enforcement, and Office of Student Conduct.
If a department suspects something, we have them run it through the
appropriate office(file a formal complaint) and let that office come to us
and ask for assistance.  This way we cut down on the 'hunches' and 'wild
goose chases' when someone "thinks they suspect something, or has a grudge
and is looking for something to catch someone".  Once they file a formal
complaint with one of those 5 mentioned areas, and those areas as a matter
of responding to the complaint requests assistance from us (OISP).  This
keeps us from spending all our time doing dirty work for departments on
campus who are looking for a reason to get someone in trouble per se.
Students are dealt with through the Office of Student Conduct.  If we get
legal papers to do something from an entity off campus, then we run it
through General Counsel, collect the data and let them release it to the
external entity.

It also keeps those that are let's say influential friends of OISP from
asking, he can you look at this and see if there is anything to it.  We
would respond with you need to file a report with the xyz office and we will
follow up with them.   Many times, issues with employees are a lack of good
managers and those managers want to find something on the employee that they
can use.  We use to get complaints like " It think so and so are looking at
web pages they shouldn't be instead of doing their work, can you monitor and
check for me?".   We would ask if the manager had seen anything suggesting
it, and the answer would be no, but they suspect it, blah, blah, blah...well
if you have enough to file a complaint then do it and we would follow
up.most of the time they don't cause they have no basis for their
complaint..they were looking to us to find the smoking gun for them instead
of addressing the employee and maybe something like productivity or
something..again one example.I have many more..



Kevin McKenzie

Director of Security Integration

Office of Information Security and Privacy

Clemson Computing and Information Technology

Clemson University

pappy () clemson edu





From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brenda B Gombosky
Sent: Monday, August 18, 2008 4:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Investigations



Who in your institutions - Security Team or what area - does investigations
requested via HR or Legal etc. such as email - Open Records request and
other types? Thanks in advance!





Brenda B. Gombosky, CISSP, CISM, CHSP
Director, Enterprise Security,

Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037
(502)419-6689





Brenda B. Gombosky, CISSP, CISM, CHSP
Director, Enterprise Security,

Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037
(502)419-6689