Educause Security Discussion mailing list archives
Re: Classroom station logout
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Tue, 17 Apr 2007 07:46:05 -0700
I looked at a number of possibilities for automated ways in my previous life. Almost all of them put a burden on the SA staff, rather than responsibility on the faculty, where it belongs. If you have administrative support, institutional policies in place and all that, the most effective solution is to do some Security Awareness training around that issue. Get the faculty involved and demonstrate the damage they can do to themselves and their careers by not taking reponsibility. Making threats of termination just doesn't work. The stick approach just doesn't fit the education environment anyway. Use the carrot and make the training a positive approach, but still highlight the dangers and what can happen _to_ _them_ when someone else can use their accounts. Once they get a personal investment in it, you'll see a significant increase in policy compliance. This is very much related to the security awareness thread that has been going on the last week. It isn't just faculty who need to log out of podiums, but staff who need to lock systems when they take a bathroom break or go get a cup of coffee. If you combine the training to include both areas, the faculty won't feel targeted and it will be perceived as a broader issue. Guy L. Pace, CISSP Security Administrator Center for Information Services (CIS) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () cis ctc edu -----Original Message----- From: Gary Dobbins [mailto:dobbins () ND EDU] Sent: Tuesday, April 17, 2007 6:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Classroom station logout Has anyone found a clever and effective solution to the problem of faculty leaving classroom lectern systems logged in when they leave? A simple timeout doesn't cut it, since some may open a slide deck for the entire period and don't move the mouse, others might actively use the system right up to the end of the period, then walk away. Something that "knows when they've left the room" would be ideal, but it would also have to distinguish against other persons who arrived as the original user leaves. -- Gary Dobbins, CISSP -- Director, Information Security University of Notre Dame, Office of Information Technologies
Current thread:
- Classroom station logout Gary Dobbins (Apr 17)
- <Possible follow-ups>
- Re: Classroom station logout Pace, Guy (Apr 17)
- Re: Classroom station logout H. Morrow Long (Apr 17)
- Re: Classroom station logout Pace, Guy (Apr 17)
- Re: Classroom station logout David L. Wasley (Apr 17)
- Re: Classroom station logout Matthew Gracie (Apr 17)