Infrastructure Data (InD) refers to data generated by IT infrastructure and related support services. This includes, but is not limited to, logs and records generated by any component of an institution’s Information Technology infrastructure, such as server logs, application logs, security device records, door access logs, network device logs, network monitoring data and traffic metadata, NAC logs, DHCP transaction logs, and similar.
All Infrastructure Data should be considered classified and requires special handling. Most will be considered Level Two, but some may be considered Level Three.
Infrastructure Data is owned by the department (usually, the department head) that employs the system or service’s primary or senior administrator. The data owner is responsible for identifying and classifying Infrastructure Data, and for its oversight, proper handling, and dissemination.
In general, the primary purposes for generating and retaining InD are service performance or system problem diagnostics and troubleshooting. It is also kept for Incident Response needs, incident impact analysis, and incident forensic investigations, for both disruptive and non-disruptive types of incidents.
Use of InD, and in particular InD that may be linked to an individual client or user, for purposes other than those just described is the subject of this management policy.
If and when InD is released, it should be released along with a very specific description of exactly what the data means. For instance: “Our logs show that a device with this MAC address sent an association request to the access point that we show as being installed on the wall in Enfield 56D at the time when the access point’s internal clock said it was 10:01:06 a.m. on Sunday, October 24, 2256, and our logging server received the message when its internal clock said it was 23:56:45, Monday, December 4, 2016.” The release should also include some mitigating information, such as: “This does not prove that any specific person was at any specific location at any specific time. It doesn’t mean anything other than what was stated above.”
It’s important to stress, when discussing InD, that it rarely proves anything. It is intended for diagnostic purposes, is not foolproof, and requires a lot of expert interpretation, which is also subject to error.