...
Investigation and assessment can be difficult and it is sometimes intrusive. It may require careful examination of things like activity logs and email. In general, ITS takes the privacy of the Carleton community very seriously and will only examine and analyze what is strictly needed in order to assess the full extent of a threat that's been identified. Furthermore, the smallest possible group of people will conduct such investigations. And they will not communicate any findings relating to individual user actions other than those strictly relevant to the investigation they are performing. Our goal is to to limit risk and damage, and to protect the campus from the normal threats that all networked computing environments are subject to.
...
- How immediate is the threat?
- Is the threat potential (a "vulnerability"), or are we looking at an actual breach?
- If the threat is potential only, what is its CVS score? How are other schools/businesses addressing the risk? What actions do our software vendors recommend?
- What is the actual (and potential) financial risk to the college?
- Who is affected?
- A single person or device?
- A few people (like a small department) or small number of devices?
- A large number of people or devices, possibly the entire college?
Mitigation
Once affected people and systems have been assessed, ITS will assign appropriate resources, which may include
...