Educause Security Discussion mailing list archives

Re: Retention of NAT translations and Connections

From: Mike Iglesias <iglesias () UCI EDU>
Date: Thu, 5 Jan 2012 19:37:44 -0800

On 01/05/2012 05:08 PM, Dave Koontz wrote:

My personal thought is that the more user information you log and store, the
more responsibility IT has should an issue arise.  After all, "it was in your
logs, why didn't you catch it and do something about it"


The longer you keep logs, the more you open yourself up to discovery requests
should a suit or other legal action arise.  The more data to go through, the
more man hours it takes to do so.  I'm not saying to dump your logs as fast as
possible, but you need to keep discovery in mind as well as why you need the
logs in the first place (troubleshooting, monitoring, etc).

You should sit down with your campus lawyer(s) and discuss this with them as
well as asking for advice here.  They may have some important input to the
process that you will need to keep in mind as you work this out.


-- 
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270

Current thread:

Retention of NAT translations and Connections HOGGATT, ANDY F. (Jan 05)
- Re: Retention of NAT translations and Connections Nathaniel Hall (Jan 05)
  - Re: Retention of NAT translations and Connections Dave Koontz (Jan 05)
    - Re: Retention of NAT translations and Connections Mike Iglesias (Jan 05)
    - Re: Retention of NAT translations and Connections Valdis Kletnieks (Jan 05)
  - Re: Retention of NAT translations and Connections leo song (Jan 06)
- Re: Retention of NAT translations and Connections Drews, Jane E (Jan 06)
  - Re: Retention of NAT translations and Connections John Ladwig (Jan 06)
    - Re: Retention of NAT translations and Connections Kalal, Robert (Bob) (Jan 06)
    - Re: Retention of NAT translations and Connections HOGGATT, ANDY F. (Jan 10)