Educause Security Discussion mailing list archives
Re: Policy Enforcement
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Fri, 26 Mar 2010 14:24:06 -0400
On Fri, 26 Mar 2010 13:34:17 EDT, Scott Sweren said:
- How did you get the authority to impose the sanctions?
Sometimes, the best sanctions are the ones somebody else imposes. A number of years ago, we had a high-profile incident on campus, where an ISP's DNS server got hacked and a website redirected to a hacked machine on campus. Of course, this meant that within 3 or 4 hours, the hard drive of the on-campus machine ended up in an evidence bag. The machine had gotten hacked because a professor had specifically told the grad student admin'ing the machine not to waste time patching, and the box of course got pwned by a hack that had a patch available. So the professor goes to the department chair to get $$ to replace the hard drive (which at that time was still a pretty sizable chunk of change). The department chair told the professor "No, this was your screw-up, it's coming out of your budget". Randy's office was *swamped* with requests for awareness training for the next few months. Nobody else wanted to have that talk with their department chair. :)
Attachment:
_bin
Description:
Current thread:
- Policy Enforcement Scott Sweren (Mar 26)
- <Possible follow-ups>
- Re: Policy Enforcement Vik Solem (Mar 26)
- Re: Policy Enforcement Valdis Kletnieks (Mar 26)
- Re: Policy Enforcement John Ladwig (Mar 26)
- Re: Policy Enforcement Valdis Kletnieks (Mar 26)
- Re: Policy Enforcement Jeff Kell (Mar 26)