Educause Security Discussion mailing list archives

Re: Data Access Approval Letter

From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Tue, 18 Jun 2013 10:54:12 -0500

We do have a document specifically for that purpose. Contact me offline and
I'll get you a copy of it. There's nothing sensitive about the document, I
just don't have an electronic copy. (There are only 2 people with that
level of authority at our University.)

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will *never* ask for your password or
other confidential information via email.***
*
*


On Mon, Jun 17, 2013 at 8:00 AM, Tim Doty <tdoty () mst edu> wrote:

We don't really have that. What we do have is domain admin privileges
which provides technical access to managed systems and our network file
shares. We also have technical access to email. In addition to that we have
a variety of logs, such as server and network. But IT security does not
have carte blanche to university data -- for example, the majority of
academic records are not directly accessible.

There are a variety of policies (http://it.mst.edu/policies/) though it
doesn't look like any of those explicitly treat with access to University
data. The closest is probably the AUP's provision for inspection of
personal electronic information (http://www.umsystem.edu/ums/**
rules/collected_rules/**facilities/ch110/110.005_**acceptable_use_policy/<http://www.umsystem.edu/ums/rules/collected_rules/facilities/ch110/110.005_acceptable_use_policy/>
)

There is a policy (that I can't find, not sure where it is published)
pertaining to access to electronic records -- but that is used primarily to
govern other university entity access. To the extent that IT security would
need to use it (the only case I can think of where it would've applied
predates the policy) the process is tracked electronically and goes quite
quickly. The main benefit of the policy has in fact been moving the burden
of granting access from IT to administration who, in practice, have a
greater ability to "say no".

Tim Doty


On 06/16/2013 01:49 AM, Will Froning wrote:

Hello All,

I'm trying to find this online, but I am failing completely. When running
an investigation I often run into roadblocks on data access and it can
significantly delay my progress.

Do you all have a letter signed by your Chancellor/President that gives
you
carte blanche access to University data when running an investigation?

If so, can you point me to an online copy so I can shamelessly copy it? ;)

Thanks,
Will

Current thread:

Data Access Approval Letter Will Froning (Jun 15)
- Re: Data Access Approval Letter Julian Y Koh (Jun 16)
- Re: Data Access Approval Letter Tim Doty (Jun 17)
  - Re: Data Access Approval Letter Drew Perry (Jun 18)