Educause Security Discussion mailing list archives
[SECURITY]
From: Ben Marsden <bmarsden () SMITH EDU>
Date: Fri, 12 Jun 2015 12:07:40 -0400
Been a while since I looked at this, but agree with Mark's assessment. I also agree with Kevin's sentiment, but with this caveat : pragmatically parallel with compliance is nice, but technically in compliance can suck; and I'd really rather NOT have some legal enforcement or 3-letter entity telling me what compliance looks like if I can avoid it. I'd also much rather be affirmatively helpful than strong-armed coerced; or in other words, act on a request (with legal's blessing) rather than compelled to assist (at legal's insistence). fwiw, -- Ben On Fri, Jun 12, 2015 at 10:17 AM, Kevin Wilcox <wilcoxkm () appstate edu> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/06/15 06:31, Berman, Mark wrote:Bottom line, it's a lot easier to declare yourself exempt than to spend money on hardware to try and comply. As far as I know this has never been litigated and until it is and a judge says I'm wrong, I'll stand on that opinion.Considering the OTHER benefits you get from having a compliant network, like being able to identify your users, accounting for each system on the network, accounting for WHERE each system is on the network, etc., I would argue that compliance with CALEA is a side-effect of a well-designed network. If you're worried about what you'll need to change to be CALEA-compliant, you're already losing in other critical areas. kmw -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlV66gAACgkQsKMTOtQ3fKE3ZgCgoyIONFJitPYYTNq8Gu/lBfSo XT4An0KeXh0spX4Kb2UTpICaJWHdKy5h =5h+o -----END PGP SIGNATURE-----
-- ============================================ Ben Marsden : Information Security Director, CISSP/GISP ITS, Stoddard Hall, Smith College, Northampton, MA 01063 bmarsden [at] smith [.] edu 413 [.] 585 [.] 4479 --------------------------------------------------------------------- =--> Any request to reveal your Smith password via email is fraudulent!
Current thread:
- [SECURITY] Berman, Mark (Jun 12)
- [SECURITY] Kevin Wilcox (Jun 12)
- [SECURITY] Ben Marsden (Jun 12)
- [SECURITY] Persad, Nadira (Jun 12)
- [SECURITY] Ben Marsden (Jun 12)
- [SECURITY] Tracy Beth Mitrano (Jun 13)
- [SECURITY] Rossella Mariotti-Jones (Jun 13)
- [SECURITY] Tracy Beth Mitrano (Jun 13)
- [SECURITY] Rossella Mariotti-Jones (Jun 13)
- [SECURITY] Kevin Wilcox (Jun 12)