Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Peeling off desktop Administrator Rights

From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Mon, 7 Dec 2009 14:18:27 -0700
We have the same language in our AUP, etc.  Our president went a step
further and issued a memo saying the Deans were responsible and that the
dean of an area affected by a security beach would have to pay for the
cleanup, not central IT.  Maybe, InfoSec is willing to but Management is . .
.
-Eric


Eric Case, CISSP
eric (at) ericcase (dot) com
http://www.linkedin.com/in/ericcase



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy marchany
Sent: Monday, December 07, 2009 1:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Peeling off desktop Administrator Rights

On Mon, Dec 7, 2009 at 2:25 PM, Eric Case <ecase () email arizona edu>
wrote:

Great points Randy,

What you propose only has one flaw, enforcing that users are

responsible.
---------------------------------
From our Acceptable Use Standard:

You are responsible for all activities on your userid or that
originate from your system.
In making acceptable use of resources you must:
 -use only legal versions of copyrighted software in compliance with
vendor license requirements.
----------------------------------

Easy for us to enforce. I think you mean "would we be WILLING to
enforce this?".  If the action causes disruption of service, data
access, etc., it seems everyone would be willing to enforce it.

That's a mgt issue not a security issue.

-Randy
Previous By Date Next
Previous By Thread Next

Current thread: