Last updated: November 22, 2010
This privacy statement applies to information collected by web addresses in the isc.sans.edu, isc.sans.org, dshield.org, and other domains owned and operated by the Internet Storm Center, and the Escal Institute, hereafter referred to collectively as ISC.
How We Gather Information
To save you time and make our web services even easier to use, you may create an ISC or Dshield Portal Account using your personal information. You may do this by visiting https://isc.sans.edu/login.html. The ISC Portal system saves your information and references it to your email address and password. The next time you visit the ISC website, you can simply enter your email address and password.
ISC may occasionally provide you the opportunity to participate in contests or surveys on our site. If you participate, we may request certain personally identifiable information from you. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact and demographic information such as name and address. We may share aggregated demographic information about our user base with our partners and advertisers. This information does not identify individual users.
As is true of most Web sites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information to analyze trends, to administer the site, to track how visitors interact with the site.
You can remove your ISC Portal login cookie by clicking the "Logout" link.
If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as the portal, contests or surveys, will be limited and you may need to reenter personal information when you register for events.
How We Protect Your Personal Information
ISC safeguards the security of the data you send us with physical, electronic, and managerial procedures. Likewise, we urge you to take every precaution to protect your personal data when you are on the Internet. These precautions include changing your password often, using a combination of letters, numbers and symbols, and using a secure browser.
The ISC website uses SSL v3 and TLS v1 encryption on all web pages where personal information is submitted. This protects the confidentiality of your personal and credit card information as it is transmitted over the Internet.
ISC may employ independent contractors to help manage data services, and such contractors may have access to data, similar to the access we give our employees.
Access To Your Personal Information
You always have access to the information we have about you. To review and update your personal contact information, simply click https://isc.sans.edu/login.html and log in with your email address and password, then click My Information. We encourage you to review your preferences regularly to keep the information current. You may also write firstname.lastname@example.org to have the information changed or removed.
Notifications And Promotional Email
If you no longer wish to receive our automatic notifications or promotional communications from ISC, you may opt-out of receiving them by following the instructions at our Notifications Page.
Links To Other Sites
The ISC web site contains links to other sites that are not owned or controlled by ISC. Please be aware that the ISC is not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every web site that collects personally identifiable information.
Affiliates and Subsidiaries
Information Obtained From Third Parties
ISC does not sell or trade your personal information. We may at times receive contact lists from other organizations. We may send mailings such as brochures to these addresses. Typically, these are one-time mailings, and the data is not entered into our database. If you want to remove yourself from the third party's database, you must contact them directly. These mailings have a brochure code printed on the mailing label. By providing this code, we will be able to tell you from what provider we received your contact info.
Changes To This Privacy Statement