Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Data Access Approval Letter
From: Tim Doty <tdoty () MST EDU>
Date: Mon, 17 Jun 2013 08:00:33 -0500

We don't really have that. What we do have is domain admin privileges which provides technical access to managed systems and our network file shares. We also have technical access to email. In addition to that we have a variety of logs, such as server and network. But IT security does not have carte blanche to university data -- for example, the majority of academic records are not directly accessible.

There are a variety of policies (http://it.mst.edu/policies/) though it doesn't look like any of those explicitly treat with access to University data. The closest is probably the AUP's provision for inspection of personal electronic information (http://www.umsystem.edu/ums/rules/collected_rules/facilities/ch110/110.005_acceptable_use_policy/)

There is a policy (that I can't find, not sure where it is published) pertaining to access to electronic records -- but that is used primarily to govern other university entity access. To the extent that IT security would need to use it (the only case I can think of where it would've applied predates the policy) the process is tracked electronically and goes quite quickly. The main benefit of the policy has in fact been moving the burden of granting access from IT to administration who, in practice, have a greater ability to "say no".

Tim Doty

On 06/16/2013 01:49 AM, Will Froning wrote:
Hello All,

I'm trying to find this online, but I am failing completely. When running
an investigation I often run into roadblocks on data access and it can
significantly delay my progress.

Do you all have a letter signed by your Chancellor/President that gives you
carte blanche access to University data when running an investigation?

If so, can you point me to an online copy so I can shamelessly copy it? ;)


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]