Educause Security Discussion mailing list archives
Re: Data capture protection for security staff
From: Bob Kalal <kalal.1 () OSU EDU>
Date: Tue, 9 Sep 2008 15:30:16 -0400
On Sep 9, 2008, at 3:20 PM, Young, Beth A. wrote:
I am looking for example statements that people have used for permission to do packet captures or other traffic/computer analysis that may involved confidential information whether that statement is a blanket policy statement warning every user that there is no expectation of privacy or statements included in job descriptions.
Here's our notice from our responsible use policy ... "Users should also be aware that their uses of university computing resources are not completely private. While the university does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of the university's computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the rendition of service. The university may also specifically monitor the activity and accounts of individual users of university computing resources, including individual login sessions and communications, without notice, when (a) the user has voluntarily made them accessible to the public, as by posting to Usenet or a web page; (b) it reasonably appears necessary to do so to protect the integrity, security, or functionality of university or other computing resources or to protect the university from liability; (c) there is reasonable cause to believe that the user has violated, or is violating, this policy; (d) an account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns; or (e) it is otherwise required or permitted by law. Any such individual monitoring, other than that specified in "(a)", required by law, or necessary to respond to perceived emergency situations, must be authorized in advance by the Chief Information Officer or the Chief Information Officer's designees. " Bob Kalal Director, Information Technology Policy & Services Office of the Chief Information Officer The Ohio State University
Current thread:
- Data capture protection for security staff Young, Beth A. (Sep 09)
- <Possible follow-ups>
- Re: Data capture protection for security staff Bob Kalal (Sep 09)
- Re: Data capture protection for security staff Martin Manjak (Sep 09)
- Re: Data capture protection for security staff Basgen, Brian (Sep 09)
- Re: Data capture protection for security staff Cal Frye (Sep 10)