[unisog] Survey: Monitoring/Logging Policies
gadsden at musc.edu
Mon Oct 23 20:58:26 GMT 2006
On Mon, 23 Oct 2006, Giulini,Chad wrote:
> I am hoping some of you on this list may be willing to state whether or
> not your institution collects, monitors, and/or archives logs from
> firewalls and/or IDS/IPS devices.
Yes, we do.
> The specific concern here involves logging user-identifiable activity.
> I am particularly interested in how this is implemented in other
> Academic Medical Centers, but any feedback is welcome. [snip]
At our academic medical center, this type of monitoring is authorized (and
restricted) by a paragraph within the "Privacy and Confidentiality"
section of our Computer Use Policy, which reads as follows:
"Moreover, the University reserves the right to monitor user activities on
all University computer systems, and to monitor communications utilizing
the University network, to ensure compliance with University policy, and
with federal, state and local law. Monitoring shall be performed only by
individuals who are specifically authorized, and only the minimum data
necessary to meet institutional requirements shall be collected. Data
collected through monitoring shall be made accessible only to authorized
individuals, who are responsible for maintaining its confidentiality."
Here's a link to our policy:
Hope this helps...
--- o ---
Information Security Office
Office of the CIO - Information Services
Medical University of South Carolina
More information about the unisog