On Nov 15, 2007, at 9:02 AM, Eric Weston wrote: > Does anyone know where there is info about what is regarded as > "sensitive" data, according to MSU? We have been asked to identify > where > we store sensitive data, but I find it difficult to determine what > data > is regarded as sensitive. Everyone is very willing to give their > opinions regarding what is sensitive and what is not, but I've not > been > able to get the official MSU stance. The one type of data that I've > heard to be acknowledged as sensitive is web logs containing IP > addresses. Is there an official document somewhere that clarifies this > matter? There's a boatload of information on it, if you start here: http://computing.msu.edu/msd/ you should be able to find what you're looking for, and maybe more specifically: http://computing.msu.edu/msd/documents/Securing_Enterprise_Data_at_MSU_w_ISO_17799_checklist_14_Apr_07.pdf ./mk -- Matt Kolb <[log in to unmask]> Academic Computing & Network Services Michigan State University