Security Review Panel Meeting Minutes 5/2/03
Anne Marchant, IT&E (Chair)
Cathy Hubbs (ITU/Project Office)
Bob Peraino (ITU/TSD)
John McCarthy (School of Law, CIPP)
Jonathon Goldman (IT&E)
Marc Homer (Graduate Student)
Justin Brown (Physics&Astronomy)
Stanley Zoltek (Faculty Senate Liaison)
1) Joy Hughes, Vice President for Information Technology and CIO
and Walt Sevon, ITU Finance & Planning Director talked to the
group about the State Security Audit that is underway and offered
the SRP a role in the process of responding to the audit findings.
a) If the
findings necessitate changes that will affect the campus community,
the SRP can assist in getting feedback from the community to make
b) The SRP
may make recommendations to ITU with respect to policy changes,
perhaps in coordination/consultation with other committees and
campus authorities (for example: the Legal Affairs Department
and Privacy and Security Compliance Team).
There was discussion
as to whether this was within the scope of this group. It was noted
that the RUC specifies that SRP "provides security advice"
and so the consensus was that this is an appropriate undertaking
for this group.
2) Cathy gave
us a summary of the first quarter reports to firstname.lastname@example.org.
Most frequent complaints involved spam, viruses/worms, hostile probes,
copyright violations, scams, and listserve abuse. The group discussed
what steps should be taken in the event of more serious situations
that warrant immediate steps such as a serious threat made against
someone or a situation where a lawsuit may result if action is not
taken immediately. The consensus was that we still need to follow
the STOPIT Procedure, but that appropriate authority (police, Legal
Affairs, Dean of Students, etc.) may be consulted concurrently.
Indeed the RUC differentiates between cases that necessitate immediate
action and those that should be handled by the STOPIT process. (q.v.
Section VI: "This policy distinguishes between incidents that
pose no immediate dangers to persons or to system integrity, and
incidents that do. The three-step STOPIT process described below
is designed for cases in which there are no immediate dangers.")
a case involving a serious copyright violation case involving a
student who was a repeat offender. The recommendation was to organize
an open forum in the Fall in the JC for students to learn about
the laws and recent rulings and to coordinate with the Student Senate.
3) We discussed
revisions of the RUC and agreed that we would follow up via email.