Educause Security Discussion mailing list archives

Re: Classroom station logout

From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Tue, 17 Apr 2007 07:46:05 -0700

I looked at a number of possibilities for automated ways in my previous
life. Almost all of them put a burden on the SA staff, rather than
responsibility on the faculty, where it belongs. If you have
administrative support, institutional policies in place and all that,
the most effective solution is to do some Security Awareness training
around that issue. Get the faculty involved and demonstrate the damage
they can do to themselves and their careers by not taking reponsibility.
Making threats of termination just doesn't work. The stick approach just
doesn't fit the education environment anyway. Use the carrot and make
the training a positive approach, but still highlight the dangers and
what can happen _to_ _them_ when someone else can use their accounts.
Once they get a personal investment in it, you'll see a significant
increase in policy compliance.

This is very much related to the security awareness thread that has been
going on the last week. It isn't just faculty who need to log out of
podiums, but staff who need to lock systems when they take a bathroom
break or go get a cup of coffee. If you combine the training to include
both areas, the faculty won't feel targeted and it will be perceived as
a broader issue.

Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724

gpace () cis ctc edu


-----Original Message-----
From: Gary Dobbins [mailto:dobbins () ND EDU] 
Sent: Tuesday, April 17, 2007 6:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Classroom station logout

Has anyone found a clever and effective solution to the problem of
faculty leaving classroom lectern systems logged in when they leave?

A simple timeout doesn't cut it, since some may open a slide deck for
the entire period and don't move the mouse, others might actively use
the system right up to the end of the period, then walk away.

Something that "knows when they've left the room" would be ideal, but it
would also have to distinguish against other persons who arrived as the
original user leaves.


-- 

   Gary Dobbins, CISSP -- Director, Information Security
   University of Notre Dame, Office of Information Technologies

Current thread:

Classroom station logout Gary Dobbins (Apr 17)
- <Possible follow-ups>
- Re: Classroom station logout Pace, Guy (Apr 17)
- Re: Classroom station logout H. Morrow Long (Apr 17)
- Re: Classroom station logout Pace, Guy (Apr 17)
- Re: Classroom station logout David L. Wasley (Apr 17)
- Re: Classroom station logout Matthew Gracie (Apr 17)