skip to primary navigationskip to content

Privacy policy for CamCERT

This policy relates to personal data as defined by the Data Protection Act 1998, held in connection with security incidents reported to CamCERT.

CamCERT gathers and records all security and related incidents reported to it.

The information is used as follows:

  • Reports of attacks of any description (unexpected activity from machines outside the domain is passed to (JANET-CSIRT, which is the Computer Emergency Response team for the UK Academic Community. It may also be passed directly to the security teams at the site of the attacking machine. This includes computer staff in the University of Cambridge and its Colleges as well as sites anywhere in the world. Typically, the identity of the owner of the machine and the person who reported the incident will not intentionally be forwarded to third parties, but such information may be a part of the report or the name of the machine. Information may also be passed to University Computer Officers to enable them to trace insecure machines on their network.
  • Details of any machine within the that is found to be insecure may be forwarded to JANET-CSIRT so that
    • they can deal swiftly with complaints from remote sites
    • they can alert other members of the academic community to the sort of attack being experienced.
  • To alert the owners of machines on the Internet when their machine is misbehaving, perhaps because its security has been compromised or because some software is misconfigured.
  • To preserve evidence for subsequent investigations.
  • To enable repeating and continuing incidents to be identified.
  • To produce statistical reports for management purposes, such as an annual report. Such statistics do not include personal data, but are derived from logs that may contain personal data.

Information is recorded in the following ways:

  • All email is kept easily accessible for about 3 months so that investigations can continue. The email is available only to the CERT team, although extracts from the messages may be forwarded as described above.
  • email is archived at the end of each month and is kept on archive for a period of approximately 18 months.
  • A summary of the incidents reported is recorded in a small database and kept indefinitely. Typically, this includes the name and IP address of the machines involved in the incident and the nature of the incident. In the case of a single use machine, the name of the machine may therefore identify an individual.
  • Depersonalised reports are available to technical staff in the University and are kept indefinitely.

To assist with incidents the following traffic accounting information logged from the CUDN is used:

  • date and time of day
  • source and destination IP addresses
  • aggregated source and destination port numbers
  • protocol type
  • number of octets of data
  • number of packets of data

This information is processed by aggregating, ranking, and selection. Traffic data is held for approximately 3 months, processed security incident data for approximately 1 year.

Last reviewed: August 2015

Getting help

UIS Service Desk
General support queries

  Phone padded  (01223 7) 62999

UAS Service Desk
Administrative staff queries

  Phone padded  (01223 3) 32999

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >  |  Back issues

UIS Service Status

Phone padded  Service status line: (01223) 463085
Website padded  Sign up for SMS/email status alerts

RSS Feed Latest news

University Wireless Service maintenance 07:00–09:00 Wednesday 20 March

Mar 15, 2019

The University Wireless Service (eduroam and UniOfCam) will be subject to interruptions between 07:00 and 09:00 on Wednesday 20 March, while we investigate the problems that occurred during this week’s fail-over test.

View all news