Educause Security Discussion mailing list archives
Policies and Products surrounding investigation and storage
From: Gregory N Pendergast/AC/VCU <gnpendergast () VCU EDU>
Date: Mon, 6 Apr 2009 09:05:39 -0400
I am looking into both policies and products surrounding the secure storage of computes/disks/media involved in internal investigations. If anyone has ideas about any of the following questions, I'd appreciate hearing from you: 1) Where/How do you store computers and other digital media that is being examined as part of an internal investigation (policy violation, security incident, etc)? 2) Are there any products that you would recommend? (We're initially thinking of something that provides both secure storage and water/fire damage protection.) 3) How long do you retain the original evidence? 4) How do you dispose of the evidence once it's beyond its retention cycle? 5) When the collection of evidence requires the confiscation of equipment or media from faculty or staff, who authorizes the confiscation? What provisions do you have for providing replacement/loaner equipment to allow the employee to continue working? Again, input on any or all of these is greatly appreciated. ------------------------------------------------------- Greg Pendergast Information Security Analyst Virginia Commonwealth University VCU Information Security - http://infosecurity.vcu.edu/ Information Security News, Tips & More - http://www.twitter.com/vcuinfosec Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html.
Current thread:
- Policies and Products surrounding investigation and storage Gregory N Pendergast/AC/VCU (Apr 06)
- <Possible follow-ups>
- Re: Policies and Products surrounding investigation and storage Strubinger, Ray (Apr 06)