Re: Security Investigations

["David, Elaine" <elaine.david () UCONN EDU>]

At the University of Connecticut, the IT Security Office has a process
very similar to the one outlined by Clemson. All requests must be
approved by me or the CIO (as my backup) and requests may only be made
through specific individuals/offices.

In addition, we utilize a paper form which includes background
information and a separate section that is provided to the technician.
This section (separate from the rest of the form) specifies the tasks to
be performed by the technician and allows the technician to fill in the
information that has been provided and the format. We have the
technician create two copies of whatever materials are being turned
over. The second copy is labeled with the Incident # and locked up in
our Security vault. In this way if there are ever any questions as to
what we turned over, we can go to our copy. We also have a form that
allows us to maintain a signature of the person who accepted the
materials.

 

- Elaine

Elaine David
Assistant Vice President for Information Services
Director of Information Technology Security, Policy & Quality Assurance
University of Connecticut
Storrs, Connecticut 06269-3138
Phone: (860) 486-1362
Fax: (860) 486-5744
Email: Elaine.David () uconn edu



CONFIDENTIALITY NOTICE: If you have received this e-mail in error,
please immediately notify the sender by e-mail at the address shown and
delete all copies of this message. This e-mail transmission may contain
information that is proprietary, privileged, confidential, or otherwise
legally exempt from disclosure. If you are not the named addressee,
please be aware that you are not authorized to open, read, print,
retain, copy, or disseminate this message or any part of it. Thank you
for your compliance.

  

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin McKenzie
Sent: Tuesday, August 19, 2008 9:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Investigations

 

Our Office of IT Security and Privacy(OISP) handles the technical aspect
of computer investigations.  We do the leg work for many of the
departments on campus.  How we have set it up is as follows, and
hopefully it protects everyone.

We will respond to 5 entities on campus:  Human Resources, Internal
Auditors, General Counsel, Law Enforcement, and Office of Student
Conduct.  If a department suspects something, we have them run it
through the appropriate office(file a formal complaint) and let that
office come to us and ask for assistance.  This way we cut down on the
'hunches' and 'wild goose chases' when someone "thinks they suspect
something, or has a grudge and is looking for something to catch
someone".  Once they file a formal complaint with one of those 5
mentioned areas, and those areas as a matter of responding to the
complaint requests assistance from us (OISP).  This keeps us from
spending all our time doing dirty work for departments on campus who are
looking for a reason to get someone in trouble per se.  Students are
dealt with through the Office of Student Conduct.  If we get legal
papers to do something from an entity off campus, then we run it through
General Counsel, collect the data and let them release it to the
external entity.

It also keeps those that are let's say influential friends of OISP from
asking, he can you look at this and see if there is anything to it.  We
would respond with you need to file a report with the xyz office and we
will follow up with them.   Many times, issues with employees are a lack
of good managers and those managers want to find something on the
employee that they can use.  We use to get complaints like " It think so
and so are looking at web pages they shouldn't be instead of doing their
work, can you monitor and check for me?".   We would ask if the manager
had seen anything suggesting it, and the answer would be no, but they
suspect it, blah, blah, blah.....well if you have enough to file a
complaint then do it and we would follow up...most of the time they
don't cause they have no basis for their complaint....they were looking
to us to find the smoking gun for them instead of addressing the
employee and maybe something like productivity or something....again one
example...I have many more....

 

Kevin McKenzie

Director of Security Integration

Office of Information Security and Privacy

Clemson Computing and Information Technology

Clemson University

pappy () clemson edu

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brenda B Gombosky
Sent: Monday, August 18, 2008 4:26 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Investigations

 

Who in your institutions - Security Team or what area - does
investigations requested via HR or Legal etc. such as email - Open
Records request and other types? Thanks in advance!

 

 

Brenda B. Gombosky, CISSP, CISM, CHSP
Director, Enterprise Security,  

Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037
(502)419-6689

 

 

Brenda B. Gombosky, CISSP, CISM, CHSP
Director, Enterprise Security,  

Information Technology
University of Louisville
Miller IT Center, Room 109
Louisville, KY 40292
(502)852-5037
(502)419-6689