Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Network IPS Information Security Policy

From: Willis Marti <wmarti () TAMU EDU>
Date: Sat, 14 Nov 2009 13:01:38 -0600
randy marchany wrote:

This is an interesting thread and I have another question to ask. Given the nature of IPS and it's ability to basically 
read any email, chat, or any data sent through the wire, how are institutions dealing with the potential public relations 
nightmare of explaining to your constituents that this device and its keepers have that ability?


The issue occurs in other situations besides an IPS. Sysadmins could
read any/all mail on a system. The network group could identify people
who visit gambling sites, porn sites, eBay during the work day... You
get the idea.
We try to define the limits of "privacy" (from a technical and legal
standpoint users have almost none) *and* the limits on divulging
information. E.g., under the Texas Public Information Act all email
could be requested but sysadmins may not just go browsing through it.

Cheers,
Willis Marti
Director & CISO
Networking and Information Security
Texas A&M University
Previous By Date Next
Previous By Thread Next

Current thread: