Disclosure Policy

From Security Wiki

Security Incidents

As an open computing environment with daily interaction with thousands of colleagues in partner institutions around the world, SDSC expects a small number of security incidents.

When a security incident occurs, SDSC will provide complete, timely notification to any third parties who may be impacted as soon as the incident can be confirmed and contact information can be obtained. SDSC will act promptly to investigate any reports of intrusions elsewhere that could impact SDSC.

SDSC will provide complete, timely notification of security incidents to designated security contacts at non-Core research groups within SDSC. Each research group is responsible for designating primary and secondary security contacts and maintaining up-to-date contact information with the Security group. SDSC will also notify users whose accounts or data were affected, or potentially affected, as soon as possible. Users are responsible for keeping their contact information at ________ up-to-date.

SDSC Security will also notify UCSD-CIRT of security events at SDSC as necessary and appropriate.

SDSC will provide full disclosure of significant security incidents to any funding agencies once the initial response has stabilized the situation.

In general, the type, security, and extent of an incident will determine who is notified and when. At the discretion of SDSC Security, other groups on campus may be notified of incidents at SDSC, especially when they are reasonably believed to be targets for or vulnerable to the same or similar attacks.

As a science-focused organization, SDSC recognizes the value of public disclosure of security incidents in providing data on the general state of computer security. As such, SDSC will provide a report quarterly that summarizes the incidents we experienced.


Questions about SDSC security should be directed to abe@sdsc.edu (???)

California Senate Bill 1386 (CA-1386)

California Senate Bill 1386 requires SDSC to notify the owner of any personal data that was, or is believed to have been, accessed or acquired by an unauthorized person. SDSC will notify owners of data as soon as possible after the system has been secured against further intrusion, unless law enforcement requests further delay.

California Public Records Act

Some or all information stored at SDSC may be subject to release subsequent to a request made under the California Public Records Act.

Personal Information

Machines and networks at SDSC may be monitored by authorized personnel for operational and research purposes. SDSC complies with the UC Electronic Communications Policy (ECP) and does not disclose personal communication except as allowed in the UC ECP.