Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: Allison Dolan <adolan () MIT EDU>
Date: Wed, 17 Mar 2010 14:07:57 -0400
And part of the level of risk assessment both for individuals and institutions is clearly understanding whether the policy deals with internal compliance or external compliance - for us, the tenor of some discussions have changed, simply because we can now say ' this is Massachusetts law'. People who may have regarded non-compliance with some Institute policy as low risk, think twice about knowingly violating state law :-)
Allison F. Dolan Program Director, Protecting Personally Identifiable Information (617) 252-1461 http://mit.edu/infoprotect On Mar 17, 2010, at 1:45 PM, Basgen, Brian wrote:
I agree, policies are one way the institution makes a definitive statement on acceptable levels level of risk. The ideal situation is where the choice an employee makes vis-à-vis security compliance is whether or not to comply with college policy. Failure to comply may mean an ineffective policy, or may lead to opportunities for correction. Thus, while employees need to be a part of the policy development process, once the institution has collectively made a risk avoidance decision, it then becomes a compliance issue.~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College Office: 520-206-4873
Current thread:
- Re: Are users right in rejecting security advice?, (continued)
- Re: Are users right in rejecting security advice? Valdis Kletnieks (Mar 17)
- Re: Are users right in rejecting security advice? Vik Solem (Mar 17)
- Re: Are users right in rejecting security advice? Mclaughlin, Kevin (mclaugkl) (Mar 17)
- Re: Are users right in rejecting security advice? Joe St Sauver (Mar 17)
- Re: Are users right in rejecting security advice? Perloff, Jim (Mar 17)
- Re: Are users right in rejecting security advice? Brad Judy (Mar 17)
- Re: Are users right in rejecting security advice? David Escalante (Mar 17)
- Re: Are users right in rejecting security advice? Mclaughlin, Kevin (mclaugkl) (Mar 17)
- Re: Are users right in rejecting security advice? Michael Van Norman (Mar 17)
- Re: Are users right in rejecting security advice? Basgen, Brian (Mar 17)
- Re: Are users right in rejecting security advice? Allison Dolan (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Jansen, Morgan R. (Mar 17)
- Re: Are users right in rejecting security advice? Dick Jacobson (Mar 17)
- Re: Are users right in rejecting security advice? John Nunnally (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Roger Safian (Mar 17)
(Thread continues...)