Educause Security Discussion
mailing list archives
Re: Data Access Approval Letter
From: Tim Doty <tdoty () MST EDU>
Date: Mon, 17 Jun 2013 08:00:33 -0500
We don't really have that. What we do have is domain admin privileges
which provides technical access to managed systems and our network file
shares. We also have technical access to email. In addition to that we
have a variety of logs, such as server and network. But IT security does
not have carte blanche to university data -- for example, the majority
of academic records are not directly accessible.
There are a variety of policies (http://it.mst.edu/policies/) though it
doesn't look like any of those explicitly treat with access to
University data. The closest is probably the AUP's provision for
inspection of personal electronic information
There is a policy (that I can't find, not sure where it is published)
pertaining to access to electronic records -- but that is used primarily
to govern other university entity access. To the extent that IT security
would need to use it (the only case I can think of where it would've
applied predates the policy) the process is tracked electronically and
goes quite quickly. The main benefit of the policy has in fact been
moving the burden of granting access from IT to administration who, in
practice, have a greater ability to "say no".
On 06/16/2013 01:49 AM, Will Froning wrote:
I'm trying to find this online, but I am failing completely. When running
an investigation I often run into roadblocks on data access and it can
significantly delay my progress.
Do you all have a letter signed by your Chancellor/President that gives you
carte blanche access to University data when running an investigation?
If so, can you point me to an online copy so I can shamelessly copy it? ;)
Description: S/MIME Cryptographic Signature