Educause Security Discussion mailing list archives
Re: Data Access Approval Letter
From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Tue, 18 Jun 2013 10:54:12 -0500
We do have a document specifically for that purpose. Contact me offline and I'll get you a copy of it. There's nothing sensitive about the document, I just don't have an electronic copy. (There are only 2 people with that level of authority at our University.) Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu ***MSU Information Systems staff will *never* ask for your password or other confidential information via email.*** * * On Mon, Jun 17, 2013 at 8:00 AM, Tim Doty <tdoty () mst edu> wrote:
We don't really have that. What we do have is domain admin privileges which provides technical access to managed systems and our network file shares. We also have technical access to email. In addition to that we have a variety of logs, such as server and network. But IT security does not have carte blanche to university data -- for example, the majority of academic records are not directly accessible. There are a variety of policies (http://it.mst.edu/policies/) though it doesn't look like any of those explicitly treat with access to University data. The closest is probably the AUP's provision for inspection of personal electronic information (http://www.umsystem.edu/ums/** rules/collected_rules/**facilities/ch110/110.005_**acceptable_use_policy/<http://www.umsystem.edu/ums/rules/collected_rules/facilities/ch110/110.005_acceptable_use_policy/> ) There is a policy (that I can't find, not sure where it is published) pertaining to access to electronic records -- but that is used primarily to govern other university entity access. To the extent that IT security would need to use it (the only case I can think of where it would've applied predates the policy) the process is tracked electronically and goes quite quickly. The main benefit of the policy has in fact been moving the burden of granting access from IT to administration who, in practice, have a greater ability to "say no". Tim Doty On 06/16/2013 01:49 AM, Will Froning wrote:Hello All, I'm trying to find this online, but I am failing completely. When running an investigation I often run into roadblocks on data access and it can significantly delay my progress. Do you all have a letter signed by your Chancellor/President that gives you carte blanche access to University data when running an investigation? If so, can you point me to an online copy so I can shamelessly copy it? ;) Thanks, Will
Current thread:
- Data Access Approval Letter Will Froning (Jun 15)
- Re: Data Access Approval Letter Julian Y Koh (Jun 16)
- Re: Data Access Approval Letter Tim Doty (Jun 17)
- Re: Data Access Approval Letter Drew Perry (Jun 18)